Windows 7 Users Are at Serious Risk for Cyber Attacks
The US Federal Bureau of Investigation (FBI) issued a warning about the continued use of Windows 7 on computers. The operating system was sunsetted earlier this year, leaving these machines vulnerable to cyberattacks.
In mid-January 2020, Microsoft ended all support for the Windows 7 operating system. That means there are no more software updates, including security patches, to defend against malware and ransomware attacks. Without security updates, threat actors can exploit flaws in software and hardware to steal usernames, passwords, bank account credentials, and other sensitive data from older computers.
Customer technical support for Windows 7 is no longer available either.
“Increased compromises have been observed in the healthcare industry when an operating system has achieved the end of life status. After the Windows XP end of life on 28 April 2014, the healthcare industry saw a large increase of exposed records the following year,” says the FBI alert.
Although users could upgrade their operating systems, any computer or laptop that is still running Windows 7 is fairly old. Microsoft released Windows 7 in October 2009. Retail sales of Windows 7 ended in October 2014. These older machines do not have security features like facial recognition and fingerprint scans to secure them. Newer machines are more secure, have faster WiFi connections, and much better graphics.
Increasing Potential for Cyber Attacks
The longer hardware or software goes without an update, the more vulnerable it becomes to hacking. The FBI alert cites a statistic that says as of May 2019 a whopping 71 percent of Windows devices used in the healthcare sector were still running an OS that became unsupported in January 2020.
WannaCry Ransomware Attack
In May 2017 the WannaCry ransomware attack spread across the globe. Of 300,000 computers crippled in the attack, 98 percent of them were running the Windows 7 operating system.
During the attack, WannaCry crippled the UK’s National Health Service (NHS), which was unable to access patient data because of the infected computers. None of the machines had been updated with a security patch that Microsoft had released in March 2017 – two months before the ransomware attack began.
Threat actors demanded a ransom payment of $300 USD, payable in Bitcoin, to relinquish control of the computers they had encrypted with WannaCry. Although cyber security researchers were temporarily able to slow the spread of WannaCry, the threat actors modified their code and the ransomware began to spread once more. A complete reset of a hard drive was necessary to rescue infected machines until Microsoft released instructions on how to mitigate the attack until the computers could be updated and secured.
At the end of 2017, the United States and the United Kingdom both officially blamed North Korea for WannaCry. Later, Australia, Canada, and Japan also attributed WannaCry to North Korean hackers.
The FBI recommends the following actions to protect your computers:
- Upgrade Windows to the latest supported version, which in this case is Windows 10. However, you may find that it is cheaper to get a new tablet or laptop that comes bundled with Windows 10 than it is to buy an upgrade.
- Download and enable reliable anti-virus software to protect computers, tablets, and phones
- Use a spam filter for your email
- Never click on links in suspicious emails. Read our free guide on How to Spot a Phishing email