Watch out for the zombies this Halloween! Windows XP systems, like zombies, are hard to kill. In many medium-sized companies, computers running the outdated operating system are still in use. In the manufacturing industry in particular, many control computers run only under Windows XP or other outdated operating systems. Because these systems no longer receive security updates, they are easy targets for cyber criminals. Such computers should be removed from the network as quickly as possible or at least effectively separated from it. Otherwise there is a risk of damage from attacks that can quickly threaten the existence of the company.

Windows XP: still clinging to life somehow

Every year millions of new computers are sold worldwide. Nevertheless, Windows XP still reigns supreme on 0.8 percent of all machines. Many companies still rely on a system whose support ended in April 2014, that has received no security updates since, and whose source code has been partially leaked.

Tim Berghoff comments: "Whichever way a company goes, something has to happen. Otherwise, there is also the threat of a serious loss of reputation if it becomes known that an attack based on outdated operating systems was successful. It is therefore worth tackling the problem head-on and providing more security."

According to the experience of the security experts at G DATA CyberDefense, this problem crops up time and again. An example: a company buys a new industrial printer that prints paint samples for cars, so that customers can see and feel what a finish will look like on a vehicle. The printer costs several million Euros and is controlled by a Windows XP system. The example is typical: outdated operating systems are found on many computers that control individual industrial machines or entire production plants, and the machine's control software is often not compatible with current Windows versions.

Another problem is outdated servers: according to a study by an IT company that checked Windows servers accessible over the Internet, more than half of them (58 percent) run versions that are out of support and no longer receive the necessary updates. Secure operation of such systems is impossible, which makes replacing them even more urgent. In many cases they are kept alive to ensure backwards compatibility with other systems. In the worst case, the result is a fatal chain of security gaps, in which each unpatched system gives an attacker a foothold from which the next one can be reached.

Every zombie expert knows: you have to decapitate a zombie to render it harmless. With Windows XP this is difficult, because the company cannot simply switch the zombie PC off: the machine it controls stops with it. In addition, companies are often bound by contractual terms or depreciation periods, or face high re-licensing costs when upgrading.

Another problem is that the machine's manufacturer is sometimes no longer in business, so no updated control software will ever be available. Even where a newer version exists, it may be incompatible with a current operating system. In such cases the only solution is to buy new equipment.

In general, implementing an update involves a great deal of effort. Production, which often runs 24/7, must be stopped for it, so an update is difficult and expensive. Certifications and regulations can also hinder an update: once the environment has been approved in a certain state, new software cannot simply be installed without calling that approval into question. A costly new purchase is therefore sometimes the only alternative.

Another option is the consistent separation of the network in which the affected computers run, so that an attacker who has compromised the administration and office network cannot reach the production controls. This production segment should be hardened as far as possible: it should have no Internet connection and run only the services that are strictly necessary. In addition, a strict rule set at the boundary between the segments should ensure that only the minimum of traffic the production process actually needs can pass in either direction, and that everything else is blocked and logged.
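One way to verify that such a separation actually holds, as an added example that is not part of this article or of G DATA's own tooling: the Python script below checks connection records exported from the boundary firewall against a default-deny allow-list for the production segment and reports every flow that should not have been possible. The address plan (10.50.0.0/24 for the production segment, a single maintenance jump host, a data historian), the two permitted services and the flow records are all assumptions constructed for the example.

```python
"""Audit observed flows against a default-deny segmentation policy for an
isolated production segment (the one that hosts the Windows XP control hosts).
Added example for this article, not G DATA's tooling; the address plan, the
allow-list and the flow records below are all constructed for illustration."""
import ipaddress
from collections import Counter
from typing import NamedTuple

# Hypothetical address plan.
OT_NET = ipaddress.ip_network("10.50.0.0/24")       # production segment with the XP control hosts
JUMP_HOST = ipaddress.ip_network("10.10.5.20/32")   # the only maintenance workstation allowed in
HISTORIAN = ipaddress.ip_network("10.10.8.30/32")   # server that collects production data

# Everything that crosses the production boundary must match one of these
# (src_net, dst_net, proto, dport) entries; nothing else is permitted.
ALLOW = [
    (JUMP_HOST, OT_NET, "tcp", 3389),   # remote maintenance via RDP, from the jump host only
    (OT_NET, HISTORIAN, "tcp", 4840),   # OPC UA data export from the control hosts to the historian
]


class Flow(NamedTuple):
    ts: str
    src: ipaddress.IPv4Address
    dst: ipaddress.IPv4Address
    proto: str
    dport: int


def parse_flow(line: str) -> Flow:
    """Parse one record of the form '<timestamp> <src> <dst> <proto> <dport>'."""
    ts, src, dst, proto, dport = line.split()
    return Flow(ts, ipaddress.ip_address(src), ipaddress.ip_address(dst),
                proto.lower(), int(dport))


def verdict(flow: Flow) -> str:
    """Classify a flow relative to the production boundary."""
    src_in, dst_in = flow.src in OT_NET, flow.dst in OT_NET
    if src_in and dst_in:
        return "ot-internal"            # never leaves the segment
    if not (src_in or dst_in):
        return "not-ot"                 # office traffic, outside this policy's scope
    if src_in and not flow.dst.is_private:
        return "deny-internet"          # an XP control host must never talk to the Internet
    for src_net, dst_net, proto, dport in ALLOW:
        if (flow.src in src_net and flow.dst in dst_net
                and flow.proto == proto and flow.dport == dport):
            return "allow"
    return "deny-cross-segment"         # default deny for anything else crossing the boundary


def audit(lines):
    """Return (flow, verdict) pairs for every record."""
    return [(f, verdict(f)) for f in map(parse_flow, lines)]


def violations(lines):
    """Return only the records the boundary firewall should have blocked."""
    return [(f, v) for f, v in audit(lines) if v.startswith("deny")]


def summary(lines) -> dict:
    """Count verdicts, so an auditor can see the ratio of allowed to denied flows."""
    return dict(Counter(v for _, v in audit(lines)))


# Constructed flow records, as they might be exported from the boundary firewall's log.
FLOWS = [
    "2023-10-31T08:01:02 10.10.5.20 10.50.0.12 tcp 3389",  # jump host -> control host, RDP
    "2023-10-31T08:01:09 10.10.7.41 10.50.0.12 tcp 445",   # office PC -> control host, SMB
    "2023-10-31T08:02:15 10.50.0.12 10.10.8.30 tcp 4840",  # control host -> historian, OPC UA
    "2023-10-31T08:02:40 10.50.0.12 8.8.8.8 udp 53",       # control host -> Internet DNS
    "2023-10-31T08:03:01 10.50.0.12 10.50.0.13 tcp 502",   # Modbus between two control hosts
    "2023-10-31T08:03:30 10.10.7.41 10.10.8.30 tcp 443",   # office PC -> historian web UI
    "2023-10-31T08:04:10 10.10.5.20 10.50.0.12 tcp 445",   # jump host, but SMB instead of RDP
]

if __name__ == "__main__":
    for flow, v in violations(FLOWS):
        print(f"{v:20} {flow.ts} {flow.src} -> {flow.dst} {flow.proto}/{flow.dport}")
    print(summary(FLOWS))
```

Enforcement itself belongs in the firewall between the two segments; an audit like this is how you find out that the rule set is incomplete (the office PC reaching SMB on a control host), that an allowed host is being used for more than it was allowed for (the jump host on port 445), or that a supposedly isolated XP host still has a route to the Internet. On the sample records, three of the seven flows are violations.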

Tim Berghoff
Security Evangelist at G DATA CyberDefense