Organizations that use Microsoft Windows 7 systems on their networks are now at elevated risk of cyber attacks, the National Bureau of Investigation (NBI) warns.
According to the FBI, cybercriminals took advantage of Windows 7’s end-of-life status to attack various computer network infrastructures.
“Continuing to use Windows 7 in an enterprise may provide cybercriminals access into computer systems,” added the security agency.
The FBI said Windows 7 is potentially more susceptible to intrusion schemes owing to a lack of security patches. This adds to the bugs that have already been found.
“With fewer customers able to maintain a patched Windows 7 system after its end of life, cybercriminals will continue to view Windows 7 as a soft target,” the FBI notice said.
The agency reported that hackers and other cyber threats continue to endanger the OS. The FBI is urging companies to upgrade their workstations to the latest versions of the Windows operating system.
Microsoft continues to encourage its customers to update their Windows 7 systems to Windows 10 at no discount.
Microsoft terminated support for Windows 7, Windows Server 2008, and 2008 R2 on January 14. The decision means the software will no longer receive regularly scheduled security patches.
According to Adam Laub of Stealthbits Technologies, Microsoft launched Windows 7 nearly 11 years ago. Laub added that organizations had more than enough time to upgrade their operating systems.
“It likely will not stop them from crying victim, however, when their Windows 7 systems are leveraged as the launching point for much more devastating attacks against their [companies],” Laub said.
Why some customers can’t upgrade their operating system
Though Windows 7 is “safe,” some users cannot upgrade to a new operating system. Thousands of hospitals, schools, and government agencies still use the operating system.
The security agency said compatibility problems could prevent users from switching from Windows 7 to 10. It pointed out that the underlying hardware of certain PCs or laptops does not allow them to upgrade to Windows 10.
The security agency indicated that certain businesses would need to purchase new devices or applications to update the operating system.
“However, these challenges do not outweigh the loss of intellectual property and threats to an organization,” said the FBI.
The FBI further said that businesses should consider whether they can risk losing sales to potential breaches rather than focusing on the security costs alone. Two powerful bugs have been found in Windows 7: BlueKeep and EternalBlue.
Hackers use BlueKeep to breach devices that have an RDP endpoint enabled.
EternalBlue is also exploited by crypto-mining operations, ransomware gangs, and financial crime gangs.
The FBI said that, because several businesses were unable to repair the infected systems, the only overall option is to upgrade obsolete and older systems to the latest Windows versions.
Is it practical to update?
Unfortunately, other tech experts said forcing all enterprises to update operating systems before they fall out of support is not practical.
Red Canary manager for incident handling Chris Abbey said security and IT departments should establish a consistent and up-to-date action plan for this kind of situation.
“Organizations may want to consider the compliance ramifications of not updating, as certain compliance regimes require that organizations update systems in a timely manner or otherwise limit exposure to software vulnerabilities,” the tech expert said.