You may have heard of a recent ransomware attack that brought Fidelity National Financial to a total standstill late last year. While the specific details remain under investigation, security experts agree that outdated software, particularly end-of-life operating systems, can offer a critical vulnerability for attackers to exploit. This week, we’ll explore how these aging systems create hidden security risks, how attackers leverage them in cyberattacks, and what your business can do to mitigate these threats. We’ll also delve into strategies for protecting existing end-of-life systems and chart a course towards transitioning away from their dependence altogether.
The Fidelity National Finance attack
In November 2023, the cybercriminal group AlphV/BlackCat claimed responsibility for a ransomware attack that brought Fidelity National Financial to its knees. The attack caused widespread disruption across the title insurance giant’s operations, affecting key services like escrow and title closings. While the full extent of the attack and the exploited vulnerabilities remain under investigation, the incident stands as a reminder of the hidden dangers lurking within outdated software, particularly end-of-life operating systems.
The cause of the FNF attack hasn’t yet been publicly announced, but the event can still serve as reminder that any system running end-of-life software is a potential goldmine for attackers, inviting them to exploit its weaknesses for various malicious purposes. While the attack’s cause isn’t known, EOL software often plays a role in attacks of this scale—it’s a leading cause of vulnerabilities alongside poor and outdated authorization schemes.
EOL software & public knowledge of vulnerabilities While there certainly are some novel attacks out there, most attacks rely on known vulnerabilities. It’s far more likely that attackers look for systems they know they can compromise as part of the attack than invent a new technique for exploiting a compromised company. Part of the process of fixing software vulnerabilities is reporting by third-party security analysts (and software makers themselves) that lets the public know that the software is compromised. While this helps consumers, software contributors, and system administrators know how to stay safe, it also becomes a roadmap for would-be attackers to exploit unpatched systems.
EOL, outdated, and unsupported software ultimately need to be moved on from. In the case of Windows systems, this means upgrading to a new version of the OS before it is no longer supported. For systems that can’t be updated right now, it’s important to plan how to update and replace the system eventually.
Can Modern Anti-malware Solutions Protect Out-Of-Date Systems?
A robust anti-malware solution may still be able to protect systems that can’t be updated. With a solution like Sophos’ endpoint protection offerings, the core functionality of the anti-malware still works in EOL environments, monitoring the system and the network for threats, suspicious behavior, blocking malicious websites, and preventing data incidents in real time.
This solution, though, is just a temporary remedy, and is itself quite costly when looking at the annual cost. For some workstations and servers, the cost of additional protection when an operating system is EOL can be equal to the cost of fully replacing the workstation.
Prioritize Getting Away From EOL and Unpatched Software
When operating systems go EOL, it’s important to see it through the lens of technical debt. Instead of working around unsupported systems, it’s best to think of your business solutions as an investment in security and functionality. While it may seem that there are good work around now, EOL is a sign that the clock is ticking to make an investment that promotes your future development and improvements to your overall usability and user experience.
As your MSP, Crown Computers is here to help you identify ways to grow and develop your technology according to your company’s values and goals. Modernizing your systems doesn’t need to be a hassle, and it affords you the peace of mind that comes with knowing that you are up-to-date and secure for all of your business computing needs.
-Written by Derek Jeppsen on Behalf of Sean Goss and Crown Computers Team