Massive risk in running outdated and unsupported software

Dubai

Cybercriminals gain their attention towards a technology when it has a larger footprint like Microsoft on PC, Android on Phone and Adobe in applications or when the systems is highly critical which could bring a financial gain or a production loss. Any technology which falls to these criteria always is susceptible to attacks.

“In our last report from 2013, we saw around 680,000 Android malware samples with steep increases quarter after quarter,” said Vibin Shaju, pre-sales regional manager at McAfee MENA.

Last year, Kaspersky Lab detected 104,427 new modifications of malicious programs for mobile devices, which is 125 per cent more than in 2012. Most malicious mobile apps principally aimed to steal money, and subsequently personal data.

“Android is still the main target, attracting a whopping 98.05 per cent of known malware, and we believe it will remain popular among cybercriminal in 2014 as well,” said Ghareeb Saad, senior security researcher, global research and analysis team at Kaspersky Lab.

The upcoming deadline for Windows XP is something that presents a big opportunity to cybercriminals as they will then be able to uncover vulnerabilities without worry of Microsoft providing patches.

It is already worrying that as recently as November 2013, Microsoft admitted to the presence of a zero-day vulnerability that only affected Windows XP and Server 2003 users. While they will provide a patch for this, users will not receive any updates post April 2014.

Saad said the most attacked and vulnerable operating system is Windows XP Professional. From Kaspersky Security Network statistics we received more than 1,240 million attack notifications on Windows XP in 2013, which represent about 28 per cent of all attack notifications.

Running outdated and therefore unsupported versions of software represents a massive risk for users. Java 6 is a fine example of this. In February 2013, Oracle stopped providing updates and patches for the platform. Merely six months later, the industry witnessed a tremendous spike in both the volume and sophistication of attacks that exploit the vulnerabilities of Java 6. And because Oracle no longer provides patches for the platform, these exploits become cumulative and the platform becomes less secure with each passing day.

“Cybercriminals often reverse-engineer released patches to check which flaws that have been addressed and use that knowledge to target older, especially unsupported version of the software,” said Pradeesh VS, General Manager at ESET Middle East.