Users of newer, patch-supported versions of the Windows operating system aren’t the only ones to receive security updates aimed at protecting them against ransomware attacks such as last month’s WannaCry. Citing the “elevated risk for destructive cyberattacks at this time,” Microsoft said yesterday it’s also making those updates available to customers with older versions of Windows no longer supported with regular patches.
Also known as WannaCrypt, the WannaCry ransomware attack hit computer systems around the world that are still using outdated software like Windows XP and Windows 7. Among the organizations affected were FedEx and the U.K.’s National Health Service (NHS).
‘Elevated Risk for Destructive Cyberattacks’
Microsoft made the unorthodox decision to offer security updates to users with older versions of Windows after identifying some vulnerabilities that “pose elevated risk of cyber attacks by government organizations, sometimes referred to as nation-state actors or other copycat organizations,” Adrienne Hall, general manager for the company’s Cyber Defense Operations Center, said in a blog post.
Following the WannaCry attack, some researchers said North Korea was likely to blame, although officials in that country denied the allegation. The WannaCry malware took advantage of a Windows vulnerability that had been used for surveillance by the National Security Agency before the exploit was stolen and released by the Shadow Brokers hacking group in April.
“Due to the elevated risk for destructive cyber attacks at this time, we made the decision to take this action because applying these updates provides further protection against potential attacks with characteristics similar to WannaCrypt,” Hall said in her blog post. However, the best defense against such malware is to update to a new platform that’s supported with regular security updates, she added.
“It is important to note that if you’re running a supported version of Windows, such as Windows 10 or Windows 8.1, and you have Windows Update enabled, you don’t need to take any action,” Hall said. “Older systems, even if fully up-to-date, lack the latest security features and advancements.”
The decision to offer updates for unsupported software “should not be viewed as a departure from our standard services policies,” Eric Doerr, general manager of the Microsoft Security Response Center, said in a separate post on Microsoft’s TechNet site.
Rising Concerns about Future Exploits
In a post last month on the site Steemit, the Shadow Brokers said that sometime this month it plans to launch a “ShadowBrokers Data Dump of the Month” subscription service that will release into the wild new exploits for Web browsers, banks and payment service providers, newer operating systems including Windows 10, and “compromised network data from Russian, Chinese, Iranian, or North Korean nukes and missile programs.”
Meanwhile, on June 1, the leak-publishing organization WikiLeaks posted online documents obtained from the Central Intelligence Agency’s “Pandemic” project, which targets Windows machines for cyberattacks.
“As the name suggests, a single computer on a local network with shared drives that is infected with the ‘Pandemic’ implant will act like a ‘Patient Zero’ in the spread of a disease,” WikiLeaks said. “It will infect remote computers if the user executes programs stored on the pandemic file server. Although not explicitly stated in the documents, it seems technically feasible that remote computers that provide file shares themselves become new pandemic file servers on the local network to reach new targets.”
Security experts are voicing concern about the potential for the next cybersecurity attack to cripple utilities, hospitals, or other vital services. The WannaCry attack, for instance, forced Britain’s NHS to postpone numerous surgeries and other procedures. Identity theft, ransomware, and nation-state hackers are posing an increasing threat to the healthcare system in particular, according to a recent report on cybersecurity from the U.S. Department of Health and Human Services’ Health Care Industry Cybersecurity Task Force.
“[T]he rise and sophistication of ransomware attacks that hold IT systems and patient-critical devices hostage continues to grow, as evidenced by hospital ransomware attacks of 2016,” the report stated. “These incidents underscore the concerns about organizations having neither the awareness of current threats nor the technical personnel to prevent or deal with these threats, many of which are not new.”