Windows Exploits, Cyberweapons, and You


As we previously discussed in six signs of a data breach in progress, many organizations are not aware of an attack until after it has occurred. Whether you have seen an uptick in critical file changes, locked user accounts, or unusual outbound activity, recognizing and addressing the problem can help with additional solutions.

What Happened

In mid-April, the Shadow Brokers hacking group released information showcasing hacking tools belonging to the NSA. The release was originally thought to be a low-severity issue, but it is now being reported that thousands of Windows systems may be infected with an NSA backdoor. The MS17-010 patch released in March notes that the disclosed Windows exploits fall under vulnerabilities already patched in Microsoft-supported products.

 

Who Is Affected

Of course this affects the NSA, but how does this affect everyone else? Though reported scans range from 30,000 to 107,000 computers infected with DoublePulsar, there are also theories of copycat hackers surfacing. Only time will tell if the numbers are consistent with actual hacks.

 

Why This Matters

Windows XP is still installed for 6.5 million users, according to the Avast PC Trends Report for Q1 2017. Support for this OS was discontinued 3 years ago, and it was noted in 2014 that 85 percent of firms using XP weren't able to make the deadline. And as the Avast PC Trends Report notes, the usage of XP is higher than that of Windows Vista, which is more secure and reliable.
 
  

Why Fix If It's Not Broken

Complex infrastructures cannot always be updated because of costs. Additionally, updating a system because of its age is not always practical if the system is working correctly and does not pose a threat or compromise to compliance and security. Back in 2014, retailers with POS systems running XP were up against PCI Compliance deadlines. Many organizations had to update in order to stay compliant. But what about updating to stay secure?
 
 

Strategy Needed

With this recent wave of hacking, organizations may not be sure how to react. As we previously discussed, no industry is immune, and surveys are not needed to prove that many organizations are not sure how to proceed or how to secure their infrastructure. But beginning to look at the big picture, or even taking time to assess the current situation, is a start.
 
As a mitigating control, file integrity monitoring (FIM) is a great way to maintain operational continuity without sacrificing security. Knowing what changed is only part of the story, though. Advanced FIM solutions like CimTrak give you a deeper dive into changes by letting you know not only exactly what changed, but also other forensic details such as who changed the information, when it was changed, and the process used to change it, or the how.

To learn more about File Integrity Monitoring, download our Definitive Guide to FIM today.
 
 

 

Jacqueline von Ogden

Since 1999, Jacqueline has written for corporate communications, MarCom agencies, higher education, and worked within the pharmacy, steel and retail industries. Since joining the tech industry, she has found her "home".