Windows 7 is Becoming Even Riskier

Security company Webroot published a report that revealed a sharp increase in the number of infections on systems running Windows 7.

Key Report Findings

1. Windows 7 Exploits Increase
   • Between January and June 2019, the number of Windows 7 machines exploited grew 75%
   • “Out of all infected PCs, 64% were home user machines, and 36% were business devices, likely because home users aren’t protected by firewalls and security policies and may not be updated as regularly.”
     
     
2. Safety in Windows 10
   • “Computers using the Windows 7 operating system are twice as likely to become infected as those running Windows 10”
     
     
3. Phishing on the rise
   • Nearly one-third of phishing sites use HTTPS
   • Extortion emails are claiming the recipient has been caught doing something embarrassing or damaging that will be shared with colleagues, friends, and family unless a ransom is paid.
   • Phishing doesn't always target usernames and passwords; they also go after ‘secret questions’ and their answers.
     
     

Conclusion & Actions Items for your Organization
As previously noted, Microsoft is ending support for the Windows 7 operating system on 14 January 2020. All operators are urged to upgrade to Windows 10 before their systems could become vulnerable to attacks. After the cutoff date, any machine running Windows 7 will no longer be able to receive official security updates or support from Microsoft.

• Take action on your organizations Windows 7 replacement or upgrade plan

• Use a DNS that employs threat intelligence to block malicious domains

• Utilize a content filter to automatically block websites unrelated to business operations

• Ensure all machines have endpoint protection and take advantage of the Browser filtering extensions such as Webroot’s to avoid phishing URLs

• Create security policies to inhibit the activation of malware

• Direct staff to review their social media accounts and avoid divulging information an attacker can use to answer ‘secret questions’

If your organization needs assistance with the implementation in any of the above action items, or if you have questions, please do not hesitate to contact ICS