The FBI has warned private industry partners of the risks facing companies that still run Windows 7 after the Microsoft OS reached end of life on January 14.
The Federal Bureau of Investigation is warning companies running Windows 7 systems that they face a greater risk of being hacked because the Microsoft OS reached end of life on January 14.
Earlier this week, the FBI sent a private industry notification (PIN number 20200803-002) to partners in the US private sector.
“The FBI has observed cyber criminals targeting computer network infrastructure after an operating system achieves end of life status,” reads the FBI’s PIN.
“Continuing to use Windows 7 within an enterprise may provide cyber criminals access into computer systems. As time passes, Windows 7 becomes more vulnerable to exploitation due to lack of security updates and new vulnerabilities discovered.”
“With fewer customers able to maintain a patched Windows 7 system after its end of life, cyber criminals will continue to view Windows 7 as a soft target.”
Feds urge organizations to upgrade their systems running Windows 7 to newer versions for which the IT giant is still providing security updates.
Microsoft still allows Windows 7 users to upgrade to Windows 10 for free, but in some cases the underlying hardware does not support the free upgrade.
The FBI cited the precedent of the Windows XP migration: many systems that were never upgraded remained exposed to a significant number of attacks.
“Increased compromises have been observed in the healthcare industry when an operating system has achieved end of life status. After the Windows XP end of life on 28 April 2014, the healthcare industry saw a large increase of exposed records the following year,” the FBI said.
The experts explained that threat actors could exploit multiple known vulnerabilities affecting Windows 7 to compromise systems running the popular Microsoft OS.
For many of these flaws, working exploits, such as EternalBlue and BlueKeep, are readily available online.
The FBI added that several companies have yet to patch their systems and urged them to apply the upgrade. The agency also provided the following recommendations:
Ensuring anti-virus, spam filters, and firewalls are up to date, properly configured, and secure.
Auditing network configurations and isolating computer systems that cannot be updated.
Auditing your network for systems using RDP, closing unused RDP ports, applying two-factor authentication wherever possible, and logging RDP login attempts.
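The last two recommendations (isolate systems that cannot be updated; find RDP users and log RDP login attempts) are easy to turn into a repeatable check. The script below is an added example, not part of the FBI notification or of this article: it flags Windows 7 hosts in an asset inventory, listing RDP-exposed ones first, and then reviews Windows Security log records for RDP logons (logon type 10, RemoteInteractive), counting failed attempts per source address and marking any source whose run of failures is followed by a success. The inventory rows and event records are constructed sample data; the event IDs and field names match the Windows Security log, but the one-JSON-object-per-line input format is an assumption about how the events were exported.

```python
"""Added example: audit an inventory for end-of-life Windows 7 hosts and
review exported Security-log events for RDP logon attempts.
Sample inventory and events are constructed; the JSON-lines export format is
an assumption, not an official Windows format."""
import json
from collections import Counter

# Constructed sample inventory: hostname, OS, whether TCP/3389 is reachable.
INVENTORY = [
    {"host": "ws-01", "os": "Windows 10", "rdp_open": False},
    {"host": "ws-02", "os": "Windows 7", "rdp_open": True},
    {"host": "srv-lab", "os": "Windows 7", "rdp_open": False},
    {"host": "ws-03", "os": "Windows 10", "rdp_open": True},
]

# Unsupported OS families (Windows 7 reached end of life on 14 January 2020).
UNSUPPORTED = ("Windows 7",)


def audit_inventory(rows):
    """Return hosts running an unsupported OS, RDP-exposed ones first.
    These are the systems to upgrade or, failing that, isolate."""
    flagged = [r for r in rows if any(r["os"].startswith(u) for u in UNSUPPORTED)]
    return sorted(flagged, key=lambda r: not r["rdp_open"])


# Constructed Security-log records, one JSON object per line.
# Event 4624 = successful logon, 4625 = failed logon.
# LogonType 10 = RemoteInteractive, i.e. an RDP session.
EVENT_LINES = """
{"EventID": 4625, "LogonType": 10, "TargetUserName": "admin", "IpAddress": "203.0.113.7"}
{"EventID": 4625, "LogonType": 10, "TargetUserName": "admin", "IpAddress": "203.0.113.7"}
{"EventID": 4625, "LogonType": 10, "TargetUserName": "alice", "IpAddress": "203.0.113.7"}
{"EventID": 4624, "LogonType": 10, "TargetUserName": "alice", "IpAddress": "203.0.113.7"}
{"EventID": 4625, "LogonType": 3, "TargetUserName": "svc", "IpAddress": "10.0.0.5"}
{"EventID": 4624, "LogonType": 10, "TargetUserName": "bob", "IpAddress": "10.0.0.9"}
""".strip().splitlines()


def rdp_logon_summary(lines, fail_threshold=3):
    """Parse JSON-line events, keep only RDP logons (LogonType 10), and return
    failed-attempt counts per source plus the sources whose failures reached
    fail_threshold before a successful logon from the same address (a
    password-guessing pattern worth reviewing)."""
    failures = Counter()
    suspicious = set()
    for line in lines:
        ev = json.loads(line)
        if ev.get("LogonType") != 10:
            continue  # network, interactive and service logons are out of scope
        src = ev.get("IpAddress", "-")
        if ev["EventID"] == 4625:
            failures[src] += 1
        elif ev["EventID"] == 4624 and failures[src] >= fail_threshold:
            suspicious.add(src)
    return {"failures": dict(failures), "suspicious": sorted(suspicious)}


if __name__ == "__main__":
    for row in audit_inventory(INVENTORY):
        state = "RDP EXPOSED" if row["rdp_open"] else "rdp closed"
        print(f"unsupported: {row['host']} ({row['os']}, {state})")
    print(rdp_logon_summary(EVENT_LINES))
```

On the sample data the inventory audit reports ws-02 (RDP reachable) ahead of srv-lab, and the log review attributes three failed RDP logons to 203.0.113.7 followed by a success, while the LogonType 3 failure from 10.0.0.5 is ignored because it is not an RDP session. In practice the event lines would come from an export of the Security log on each host or from a central collector, and the threshold would be tuned to the environment.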