Cybercriminals Target Computers Running Windows 7
by Chloe Bowen
Since Microsoft discontinued support for Windows 7 on January 14th, the FBI has observed cybercriminals targeting computer network infrastructure that is still using the operating system, according to a recent bulletin provided by the US Department of Health & Human Services Office for Civil Rights.
At this point, continuing to use Windows 7 may provide cybercriminals access into your computer system. As time passes, Windows 7 becomes more vulnerable because it is not receiving security updates.
On January 14, 2020, Microsoft ended support for the Windows 7 operating system, including security updates and technical support, unless certain customers purchased an Extended Security Update (ESU) plan. However, Microsoft will only offer the ESU plan option until January 2023.
It is common to see cyberattacks when an operating system is no longer being supported. For example, after Microsoft stopped supporting Windows XP in 2014, the healthcare industry saw a large increase in exposed records, including an attack on the largest hospital group in the UK.
Cybercriminals search for entry points into legacy operating systems in order to leverage the Remote Desktop Protocol (RDP), which makes it possible for a user to connect to another computer over a network connection.
Microsoft released an emergency patch for its older operating systems, including Windows 7, after an information security researcher discovered an RDP vulnerability called BlueKeep in May 2019. However, hackers developed a workaround two months later.
Cybercriminals often use misconfigured or improperly secured RDP access controls to conduct cyberattacks. For example, the xDedic Marketplace, taken down by law enforcement in 2019, flourished by exploiting RDP vulnerabilities around the world.
Hackers use RDP to gain access to the host computer or network in order to install ransomware on the system. Once installed, users lose access to their devices, data, and the larger network until payment is made.
This is a situation that healthcare providers cannot afford—which is why it’s important to adequately protect yourself and your company against an RDP hack.
How to protect yourself
Defending against cybercriminals requires a multilayered approach, including validating your current software, access controls, and network configurations.
You should consider:
- Upgrading operating systems to the latest supported version
- Ensuring anti-virus, spam filters, and firewalls are up to date, properly configured, and secure
- Auditing network configurations and isolating computer systems that cannot be updated
- Auditing your network for systems using RDP, closing unused RDP ports, applying two-factor authentication wherever possible, and logging RDP login attempts
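As an added example (not part of the original article), here is one way to review logged RDP login attempts once they are being collected: it flags any source address with a burst of failed logons and notes whether a successful logon followed. The CSV layout, sample rows, threshold and function names are assumptions made for illustration; event IDs 4625 and 4624 are the Windows Security log's failed and successful logon events.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample of Security-log logon events exported to CSV (not real data).
# Logon type 10 is RemoteInteractive (RDP). With Network Level Authentication, RDP
# attempts are also recorded as type 3, which covers other network logons too.
SAMPLE_CSV = """time,event_id,logon_type,source_ip,account
2020-08-10T02:14:01,4625,3,203.0.113.7,administrator
2020-08-10T02:14:03,4625,3,203.0.113.7,admin
2020-08-10T02:14:06,4625,3,203.0.113.7,backup
2020-08-10T02:14:09,4625,3,203.0.113.7,frontdesk
2020-08-10T02:14:15,4624,10,203.0.113.7,frontdesk
2020-08-10T08:30:00,4625,10,10.0.0.21,jsmith
2020-08-10T08:30:20,4624,10,10.0.0.21,jsmith
"""
RDP_LOGON_TYPES = {"3", "10"}

def load_events(text):
    """Parse the CSV, keep RDP-relevant logon types, return rows sorted by time."""
    rows = []
    for row in csv.DictReader(io.StringIO(text)):
        if row["logon_type"] in RDP_LOGON_TYPES:
            row["time"] = datetime.fromisoformat(row["time"])
            rows.append(row)
    return sorted(rows, key=lambda r: r["time"])

def review_rdp_logons(events, threshold=4, window=timedelta(minutes=5)):
    """Return {source_ip: finding} for sources with >= threshold failures in window."""
    failures = defaultdict(list)
    findings = {}
    for ev in events:
        ip, when = ev["source_ip"], ev["time"]
        if ev["event_id"] == "4625":
            # Drop failures that have aged out of the sliding window, then add this one.
            failures[ip] = [t for t in failures[ip] if when - t <= window] + [when]
            if len(failures[ip]) >= threshold:
                entry = findings.setdefault(ip, {"failures": 0, "success_after": None})
                entry["failures"] = max(entry["failures"], len(failures[ip]))
        elif ev["event_id"] == "4624" and ip in findings:
            # A success after a burst of failures deserves immediate review.
            if findings[ip]["success_after"] is None:
                findings[ip]["success_after"] = ev["account"]
    return findings

if __name__ == "__main__":
    for ip, finding in review_rdp_logons(load_events(SAMPLE_CSV)).items():
        print(ip, finding)
```

A single mistyped password followed by a successful logon, like the second source in the sample, stays below the threshold and is not reported.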
Let’s not forget that many successful cyberattacks stem from email phishing campaigns, which trick people into giving up information in order to access and exploit valuable or sensitive systems.
One method that malicious actors employ is display name spoofing, changing the display name of an email sender to appear as if the email comes from someone’s boss or CEO—
Luckily, Paubox Email Suite Premium comes with our patent-pending ExecProtect feature, which prevents display name spoofing emails from hitting the inbox. It also includes robust spam filtering and blocks emails containing viruses, such as malware or ransomware.
In addition, our Premium subscription includes email archiving and data loss prevention (DLP), to keep unauthorized employees from accidentally or maliciously transmitting unauthorized information via email.