FBI: Cyberattackers target EOL Windows 7 systems

The Federal Bureau of Investigation (FBI) issued a private industry notification warning that cyberattackers continue to target end of life (EOL) Windows 7 systems.

It is well known that the Windows 7 operating system has been EOL and unsupported by Microsoft since its end of support on January 14, 2020.

However, organizations and users continue to run the older OS, which no longer receives any security patches. As a result, the risk of cyberattacks against and exploitation of these EOL systems increases over time.

“The FBI has observed cyber criminals targeting computer network infrastructure after an operating system achieves end of life status. Continuing to use Windows 7 within an enterprise may provide cyber criminals access into computer systems,” the FBI warned in the advisory.

Readers may also remember that WannaCry infected over 200,000 systems in 150 countries in just 3 days back in 2017. The FBI added that nearly 98 percent of the systems infected with WannaCry were running Windows 7.

As recently as May of last year, an open source report revealed 71 percent of devices running Windows in healthcare organizations became EOL in January 2020.

Since the end of July 2019, cybercriminals have continued to develop commercial exploits targeting the BlueKeep RDP-related vulnerability. In addition, Microsoft and DHS forewarned late last year that more BlueKeep threats would target unpatched Windows systems.

As another reminder, the FBI further added that the healthcare industry experienced a surge in exposed records the year after Windows XP went EOL back in April 2014.

Recommended Mitigations

In conclusion, the FBI recommends that users and organizations upgrade their OS to the latest version (e.g., Windows 10) and keep systems patched. In addition, make sure to keep AV protections up to date and audit network configurations.

Finally, you should audit RDP configurations and close unused RDP ports. Make sure two-factor authentication is also used for remote access to the organization’s network or to sensitive production systems.
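
One way to start the RDP audit recommended above on a single Windows host, as an added example that is not part of the FBI advisory or the original article. It is a read-only PowerShell check of the OS generation and the local Remote Desktop settings; the helper name Get-RegValue and the finding wording are this example's own.

```powershell
# Added example: read-only audit of the local OS generation and RDP settings.
# Uses only registry reads and .NET calls, so it also runs on PowerShell 2.0,
# the version that ships with Windows 7. Group Policy may override these
# values; this sketch reads only the local settings.
$ts  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$tcp = "$ts\WinStations\RDP-Tcp"

# Hypothetical helper: return a registry value, or $null if it is absent.
function Get-RegValue($Path, $Name) {
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($item) { $item.$Name } else { $null }
}

$os         = [System.Environment]::OSVersion.Version
$rdpEnabled = (Get-RegValue $ts 'fDenyTSConnections') -eq 0    # 0 = connections allowed
$nlaOn      = (Get-RegValue $tcp 'UserAuthentication') -eq 1   # 1 = NLA required
$port       = Get-RegValue $tcp 'PortNumber'                   # 3389 unless changed

# Is anything actually listening on the configured RDP port?
$ipProps   = [System.Net.NetworkInformation.IPGlobalProperties]::GetIPGlobalProperties()
$listening = @($ipProps.GetActiveTcpListeners() |
               Where-Object { $_.Port -eq $port }).Count -gt 0

$findings = @()
# NT 6.1 is the Windows 7 / Windows Server 2008 R2 generation.
if ($os.Major -eq 6 -and $os.Minor -eq 1) {
    $findings += 'OS is NT 6.1 (Windows 7 generation): EOL, no security patches'
}
if ($rdpEnabled -or $listening) {
    $findings += "RDP reachable on TCP $port : confirm it is needed, otherwise disable it and close the port"
}
if ($rdpEnabled -and -not $nlaOn) {
    $findings += 'RDP enabled without Network Level Authentication'
}

# Summary first, then one line per finding.
New-Object PSObject -Property @{
    Computer   = $env:COMPUTERNAME
    OSVersion  = $os.ToString()
    RdpEnabled = $rdpEnabled
    NlaOn      = $nlaOn
    RdpPort    = $port
    Listening  = $listening
}
if ($findings.Count -eq 0) { 'No findings.' } else { $findings }
```

Two-factor authentication for remote access is enforced at the gateway or identity provider, so it has to be verified there rather than from the host.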
