The Federal Bureau of Investigation (FBI) released a security alert about the use of remote desktop systems such as TeamViewer on outdated operating systems, mainly Windows 7. The alert also refers to security risks for passwords and user accounts on these systems.
The federal agency claims to have detected that multiple cybercriminal groups are able to compromise a computer network as the operating system approaches the end of its life: “Continuing to use Windows 7 in an organization would allow threat actors to access all their computer systems, because as time goes on this operating system becomes more exposed to new vulnerabilities due to the lack of new security updates”, mentions the alert.
Although there are still some organizations that continue to receive Windows 7 system updates thanks to some special Microsoft programs, the FBI believes this work will become increasingly complicated, making these business customers easy targets for a cyberattack, so it is necessary to upgrade to newer versions of the popular operating system.
This solution seems easy and even obvious, as Microsoft still allows its Windows 7 users to upgrade their systems to Windows 10 for free. The real problem begins when considering the underlying hardware, which sometimes does not allow upgrading to a newer version of the operating system. This is a phenomenon that in the past affected hundreds of organizations when trying to upgrade their Windows XP systems.
The agency sees this as an ideal time for updating these systems, as some of the most devastating security incidents could occur when exploiting Windows 7 vulnerabilities in critical systems: “We have observed that a high percentage of cyberattacks against the health industry are related to exploiting failures on near-life operating systems, an example of this is the increase in attacks on Windows XP systems long after the end of its support in April 2014.”
The cybersecurity community considers this not an unfounded fear, as malicious hacking groups could exploit known security flaws on Windows 7 systems through tools like TeamViewer. These attacks would be similar to the popular EternalBlue and BlueKeep. If you are not able to upgrade at this time, the FBI recommends implementing the following security measures:
- Usage of updated and properly configured antivirus software, email filters and firewalls
- Implementation of security audits for network configurations and isolation of critical information systems that cannot be updated
- Auditing networks using RDP and closing unused RDP ports
To learn more about computer security risks, malware, vulnerabilities and information technologies, feel free to access the International Cyber Security Institute (IICS) website.
He is a well-known expert in mobile security and malware analysis. He studied Computer Science at NYU and started working as a cyber security analyst in 2003. He is actively working as an anti-malware expert. He also worked for security companies like Kaspersky Lab. His everyday job includes researching about new malware and cyber security incidents. Also he has deep level of knowledge in mobile security and mobile vulnerabilities.