Announcement of 29. October 2020

Halloween and Windows XP systems: Killing zombies is not easy

For medium-sized businesses, outdated systems are an incalculable risk

Windows XP systems are like zombies: they are hard to kill. In many medium-sized companies, computers with the outdated operating system are still in use. Especially in the manufacturing industry, many control computers only run on Windows XP or other outdated operating systems. This makes them easy targets for cyber criminals. The computers should be removed from the network as quickly as possible, or at least effectively isolated from it. Otherwise, attacks can quickly cause damage that threatens the existence of the company.

Witches and zombies are everywhere during Halloween, but disappear again quickly once Halloween has passed. In many companies, the undead remain active all year round. Critical systems still run Windows XP, server systems are hopelessly outdated and manufacturer support expired years ago. This is irresponsible, because it endangers the security and with it also the economic success of the companies. Updating the affected systems is difficult; in some cases only a new purchase or the separation of the network is promising. However, this does not change the fact that urgent action is needed in this area. Otherwise companies face a significant risk of substantial economic losses and damage to their reputation.

Tim Berghoff

Security Evangelist at G DATA CyberDefense

Windows XP: still clinging to life somehow

Every year millions of new computers are sold worldwide. Nevertheless, on 0.8 percent of all machines, Windows XP still reigns supreme. Many companies still rely on a system that has not been updated for a long time and whose source code has been partially leaked.

According to the experience of the security experts at G DATA CyberDefense, this problem crops up time and again. An example: a company buys a new industrial printer which can print paint samples for cars, so that customers can see and feel how the paint on a car will look. This printer costs several million Euros and is controlled by an XP system. The example shows that outdated operating systems can be found on many computers used to control industrial machinery or entire production plants. Often the software that controls the machine is simply not compatible with current Windows versions.

Old servers are still in use

Another problem is outdated servers: According to a study by an IT company, more than half (58 percent) of all Windows servers are outdated and no longer receive the necessary updates. This makes it impossible to sustain secure operations, adding an even more urgent need to replace those systems. The company had checked all servers that were accessible over the Internet. In many cases, such systems are also kept alive to ensure backwards compatibility with other systems. In the worst case, this results in a fatal chain of security gaps.

How to kill zombies

Every zombie expert knows: you have to decapitate a zombie to render it harmless. With Windows XP this is difficult, because, strictly speaking, the company cannot operate without the zombie PC. In addition, companies are often bound by contractual terms or depreciation periods, or face high re-licensing costs when upgrading.

Another problem is that sometimes the manufacturer of the machine or its software is no longer in business, which makes an update impossible. Alternatively, a newer version of the software might itself be incompatible with a current operating system. The only solution in such cases is a new purchase.

In general, the implementation of an update is associated with a high amount of effort. Production, which often runs 24/7, must be stopped for this. An update is therefore difficult and expensive. Moreover, certifications and regulations can hinder an update process: once the environment has been approved in a certain state, new software cannot simply be installed. Therefore, investing in a costly new purchase is an alternative.

Separate network

Another possibility is the consistent separation of the network in which the affected computers run. This means that an attacker who has reached the administration and office network cannot go on to access the controls of the production IT. This separated network should be hardened wherever possible: it should have no Internet connection and should run only the most essential services. In addition, a strict set of firewall rules should be established which ensures that only the minimum of necessary data traffic can cross into or out of it.
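As an added illustration of the rule set described above (this is example code written for this page, not a G DATA tool, and the segment addresses and the single permitted maintenance port are constructed assumptions), the following model states the segmentation as a default-deny allowlist, decides whether a new connection may cross the segment border, and audits the rule set for anything that would undo the isolation, such as a path from the production segment to the Internet or from the office network directly into production.

```python
"""Default-deny allowlist for an isolated production segment (constructed example)."""
import ipaddress
from dataclasses import dataclass

# Hypothetical address plan; the announcement names no addresses or ports.
SEGMENTS = {
    "office": ipaddress.ip_network("10.10.0.0/16"),      # administration and office network
    "jump": ipaddress.ip_network("10.30.0.0/28"),        # hardened maintenance hosts
    "production": ipaddress.ip_network("10.20.0.0/24"),  # XP-era control computers
}


@dataclass(frozen=True)
class Rule:
    src: str    # segment name
    dst: str    # segment name
    proto: str  # "tcp" or "udp"
    dport: int


# Everything not listed here is dropped. The only permitted path into the
# production segment is a maintenance session from the jump hosts
# (the port number is a constructed placeholder, not a recommendation).
ALLOW = (
    Rule("jump", "production", "tcp", 3389),
)


def segment_of(ip: str) -> str:
    """Map an address to its segment; anything outside the plan counts as the Internet."""
    addr = ipaddress.ip_address(ip)
    for name, net in SEGMENTS.items():
        if addr in net:
            return name
    return "internet"


def evaluate(src_ip: str, dst_ip: str, proto: str, dport: int, rules=ALLOW) -> str:
    """Decision for the first packet of a new connection.

    Only traffic that crosses a segment border is judged here; replies belong
    to an established connection and are assumed to be tracked statefully.
    """
    src, dst = segment_of(src_ip), segment_of(dst_ip)
    if src == dst:
        return "local"  # stays inside one segment; not this firewall's concern
    for rule in rules:
        if (rule.src, rule.dst, rule.proto, rule.dport) == (src, dst, proto.lower(), dport):
            return "allow"
    return "deny"


def audit(rules=ALLOW) -> list:
    """Return findings for rules that would break the isolation of the production segment."""
    findings = []
    for rule in rules:
        ends = (rule.src, rule.dst)
        if "production" in ends and "internet" in ends:
            findings.append(f"{rule}: production segment must have no Internet path")
        if rule.src == "office" and rule.dst == "production":
            findings.append(f"{rule}: office network must not reach production controls directly")
    return findings


if __name__ == "__main__":
    # Constructed flows: office host to a control PC, jump host to the same PC,
    # control PC to an Internet address (TEST-NET-3).
    for flow in (("10.10.4.4", "10.20.0.7", "tcp", 3389),
                 ("10.30.0.2", "10.20.0.7", "tcp", 3389),
                 ("10.20.0.7", "203.0.113.10", "tcp", 443)):
        print(flow, "->", evaluate(*flow))
    print("audit findings:", audit())
```

The point of the audit function is that a segmentation rule set drifts: a "temporary" exception for a vendor or a file transfer is easy to add and easy to forget, so the rules should be checked against the isolation requirement every time they change, not only when the segment is first set up.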

"Whichever way a company goes, something has to happen. Otherwise, there is also the threat of a serious loss of reputation if it becomes known that an attack based on outdated operating systems was successful. It is therefore worth tackling the problem head-on and providing more security," says Tim Berghoff.
