Exploitation of the unprotected computer operating system, Windows XP, is happening, said Brian Wilkey, senior vice president of Digital Boardwalk, Inc., a Pensacola based information technology (IT) company. It was predicted to happen after the April 8 termination of support by Microsoft, a standard practice called a program's end of life (EOL), computer problems would come for dedicated XP users. Microsoft will no longer publish updates for the 12-year-old system; CNN Money reported 29 percent of the world's computers were still utilizing XP. Because of this issue, two major effects are one, new hardware, like printers and monitors, won't be able to communicate with the outdated system, and two, Microsoft will no longer offer patches to newly discovered vulnerabilities.
Wilkey discussed three results his company as seen since XP's EOL.
The first result, Wilkey said he’s seen a wave of malicious software, known as malware, attacking machines still running XP. Wilkey said, "We've seen an 80 percent increase in malware toward XP machines for the clients we manage." He said they could not trace it back to the source, but did track it down to the second week of May. According to Wilkey, this malware has become more insidious. Originally, he said, malware would masquerade as protection software and declare there was a threat on the system. Unaware users would pay a sum to the fake anti-virus company to remove it. Wilkey said the focus of cyber attacks has changed. "Identities are worth a lot of money," Wilkey said, as evidenced by the Target and eBay cyber attacks. "Identity protection is a wise investment," he said.
Wilky identified seniors as the most vulnerable to identity attacks. “I’m willing to bet the older demographic is still using XP,” he said. Wilky said it takes only one time of putting sensitive personal information online, like making purchases via the internet or entering a social security number, to become vulnerable to attack.
The second result of XP’s EOL revolves around machines storing medical records and other protected medical information. "HIPAA is huge," Wilkey said, referring to the Health Insurance Portability and Accountability Act of 1996, designed to secure patient medical information, "And requires ongoing patching." Wilkey said once XP’s EOL passed, every machine containing patient records, and therefore bound by the act, instantly lost HIPAA compliance. While this may sound like a theoretical problem with only the potential for negative impact, Wilky said, “I was personally brought into an organization in Northwest Florida that had a breech due to XP vulnerability.”
Finally, Wilky said handling XP’s EOL also meant dealing with programs reliant on the outdated operating system. In particular, he cited Windows Server 2003 and Windows Exchange 2003, programs for handling computer databases (servers) and email. Wilky said swapping desktops is a small problem compared to servers. “More critical information is stored on servers,” he said.
The good news, Wilky said, is he predicts a shift away from attacking XP vulnerability. Naturally, as individuals and companies upgrade their machines, cyber attacks aiming for XP machines will run out of targets. “It’s all about majority,” Wilky said, meaning hackers attack the biggest fish in the sea and while XP permeated almost a third of computers worldwide, it’s not the only target. “Apple’s OS X vulnerability is a problem,” he said. Apple is widely known to be secure, but according to Wilky as the number of Apple machines and market share increase so does invitation to attack.
Google handles security proactively, Wilky said, in an annual challenge to hackers. The contest centers on breeching security systems and then Google paying millions in prize money for information on how it was done. The contest is called “Pwnium” and March 12 was the fourth one.
Less proactive was how Microsoft handled advertising XP’s EOL, according to Wilky. While the information was available for a year, he said, “Companies thought they didn’t need support from Microsoft.” He said they thought their own IT departments and security programs could handle any security issues.
According to Microsoft Windows’ website the lifecycle fact sheet lists the next Windows OS, Windows Vista, experiencing EOL April 11, 2017. What may be worrisome to businesses and individuals alike is the existing permeation of XP. Net Market Share, the company cited by CNN, as of May still shows Windows XP in 25.27 percent of the world’s systems.
This article originally appeared on Santa Rosa Press Gazette: Bugs flooding Windows XP