author photo
By Clare O’Gara
Mon | Aug 10, 2020 | 3:31 PM PDT

When technology companies close the support door on their old systems and software, it opens the gates for cybercriminals.

The most recent example of this is for organizations using Windows 7. According to law enforcement, hackers are taking advantage of those still using the software.

Windows 7 'End of Life' is a cybercrime opportunity

A recent Private Industry Notification (PIN) from the FBI warns against the system's "End of Life" status, which it reached earlier this year:

"On 14 January 2020, Microsoft ended support for the Windows 7 operating system, which includes security updates and technical support unless certain customers purchased an Extended Security Update (ESU) plan.

Microsoft and other industry professionals strongly recommend upgrading computer systems to an actively supported operating system."

When an operating system reaches its End of Life (EOL), it becomes a prime target for hackers. The stream of patches, security updates, and research into vulnerabilities from the system's provider ends, leaving the system and the user more defenseless than ever.

And this can have dangerous consequences, particularly depending on who that user is. As the FBI puts it:

"As of May 2019, an open source report indicated 71 percent of Windows devices used in healthcare organizations ran an operating system that became unsupported in January 2020. Increased compromises have been observed in the healthcare industry when an operating system has achieved end of life status."

The healthcare industry is already under major stress amid COVID-19. An unsupported operating system grants hackers easier pickings.

Patching: a failed security paradigm?

Another thread in the tapestry of End of Life systems: patching.

Patching is a useful tool for tech companies until EOL. However, in many devices, security patches simply don't happen.

In an interview with SecureWorld News, cybersecurity thought leader Bruce Schneier touches on the challenges associated with patching as the Internet of Things grows and evolves:

"You know, patching is kind of reaching the end of its useful life. It works, really, because the things we're patching are expensive and maintained by tech companies. They are laptops, they are computers, they are phones. And that whole patching ecosystem is predicated on there being engineers at Apple and Microsoft and Google who can write these patches and push them down.

You start moving to low-cost embedded systems like DVRs and home routers and appliances, and there are no engineers to write patches. There's no mechanism to get the patches to the systems. So that, that's going to fail pretty badly."

What else is reaching End of Life in 2020?

In some ways, the FBI "industry alert" about  Windows 7 is posthumous: the operating system lost support in January, before the world, and particularly the healthcare industry, was transformed by COVID-19.

But you can still get ahead of the curve with other systems.

It's worth taking a look at Adobe Flash, a system beset by security vulnerabilities and reaching its EOL status on December 31, 2020.

Like Windows 7, it's the kind of thing that may soon give hackers new life when looking for end of life cyberattacks.

Comments