
Industry News

Ransomware Poses a Threat to Out-of-Date Devices

Many malware attacks leverage known vulnerabilities present in outdated software, including outdated operating systems (OSs). Windows is a popular target, as many hospitals and other large enterprises run on the OS.

Many run an out-of-date version of Windows, which can allow attackers to install malware and cause a data breach. Part of the reason is that many hospitals have medical devices running on older, embedded OSs that manufacturers are slow to update, according to Ars Technica.

Other businesses have legacy applications and software that can only run on older OSs. Recently, it was reported that the U.S. Marine Corps is having difficulty migrating to Windows 10, according to the Federal News Radio.

Our challenges are with hardware, and hardware that is older than a couple years is having more difficulty accepting Windows 10 than hardware that is new. And when you look at what ‘new’ means within DoD, we purchase yesterday’s technology tomorrow. A lot of our brand-new systems are having difficulty with the upgrade as soon as they come out of the box, and we didn’t anticipate that. - Marine Corps CIO Brig. Gen. Dennis Crall

One type of malware that is leveraging outdated machines is ransomware - a type of malicious software that infects a computer, encrypts data, and restricts users’ access to it until they pay the attackers a ransom in exchange for a decryption key. Typically, attackers demand that the ransom be paid in Bitcoin, a virtual currency that can be exchanged anonymously.

Sometimes, an attacker will infect one computer with ransomware and spread to other workstations connected to the same network, making it a nightmare for companies to contain the breach. In other incidents, attackers will make a backup copy of the original data, encrypt it, then delete the original.


Ransomware Attacks Target Federal Government, Hospitals

Obviously, this can cause major disruptions in services - in one case that affected a hospital, staff was unable to use their email or patient record systems, forcing them to use paper and delaying medical services. One L.A.-based hospital paid $17,000 to regain control of their systems and the largest healthcare provider in Washington D.C. was forced to shut down much of its computer network, with a reported ransom of $18,500, according to Reuters.

There have been a number of recent ransomware attacks involving both hospitals and the federal government. Many others, including state and local governments, small and large businesses, school districts, etc. have also been targeted by ransomware, according to a recently released US-CERT article. Thousands of new malware modifications have been detected, increasing 14 percent in Q1 of this year, according to Kaspersky Lab.

According to NBC News, the U.S. House of Representatives was recently targeted by ransomware attacks, forcing the House Information Security Office to block access to its networks from Yahoo Mail accounts, a rather interesting response to phishing emails - to block the email carrier. They are also blocking access to Google Cloud services, and staffers are unable to post to social media networks.

So far there is no word on whether any attacks have been successful, what kind of data has been affected, or whether the House paid any ransom, according to The Intercept.

Updating Devices and Operating Systems to Prevent Ransomware

In the SANS.edu forum’s tips for stopping ransomware, they recommend fully patching systems, Java, Shockwave, Flash, and all software. Ransomware and other malware are delivered via exploit kits that rely on vulnerabilities on targeted machines in order to execute.


That includes vulnerabilities in older OSs. In an interesting article published by Threatpost, Diary of a Ransomware Victim, one of the largest operators in the gambling and entertainment business was targeted by attackers.

Although the casino’s CSO stated the 1,000-employee casino used firewalls, data center security, antivirus and network monitoring security controls, the attackers got in by targeting an external casino consultant employee’s Sony laptop, running Windows 7.

The phishing email contained a malicious JavaScript attachment masquerading as an invoice - when the consultant opened the attachment, it executed a payload with TeslaCrypt 3 ransomware. TeslaCrypt is one of the most frequently detected ransomware families, at 58 percent, according to InfoSecurity-Magazine.com.
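The delivery vector in the casino incident - a script attachment dressed up as a document - is something a mail gateway or an analyst's triage script can catch before a user ever double-clicks it. The following is an added example, not code from the original article or from Duo: it builds a constructed sample message with a "invoice.pdf.js"-style attachment and a legitimate PDF, then flags attachments whose final extension executes as a script on Windows and, in particular, those that hide that extension behind a document-looking one. The extension lists are assumptions for illustration, not a complete inventory.

```python
import email
from email import policy
from email.message import EmailMessage

# Extensions Windows treats as executable script or program when opened.
# Constructed list for this example; a production filter would be broader.
SCRIPT_EXTENSIONS = {"js", "jse", "vbs", "vbe", "wsf", "hta", "exe", "scr", "bat", "cmd", "ps1"}
# Extensions attackers imitate so a script looks like an invoice or report.
DOCUMENT_EXTENSIONS = {"pdf", "doc", "docx", "xls", "xlsx", "txt"}


def classify_filename(filename):
    """Return the list of findings for one attachment filename (empty if benign)."""
    findings = []
    pieces = filename.lower().split(".")
    if len(pieces) < 2:
        return findings  # no extension at all; nothing to judge here
    ext = pieces[-1]
    if ext in SCRIPT_EXTENSIONS:
        findings.append(f"script attachment (.{ext})")
        # "Invoice.pdf.js": the real extension is .js, the .pdf is a decoy.
        if len(pieces) >= 3 and pieces[-2] in DOCUMENT_EXTENSIONS:
            findings.append(f"double extension masquerading as .{pieces[-2]}")
    return findings


def scan_message(raw_bytes):
    """Parse an RFC 822 message and return {filename: [findings]} for risky attachments."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    report = {}
    for part in msg.iter_attachments():
        filename = part.get_filename() or "(unnamed)"
        findings = classify_filename(filename)
        # Also note when the declared MIME type disagrees with a script extension.
        if findings and part.get_content_type().startswith("application/pdf"):
            findings.append("MIME type claims PDF but extension is a script")
        if findings:
            report[filename] = findings
    return report


def build_sample_message():
    """Construct a sample phishing-style message (placeholder bodies, no real script)."""
    msg = EmailMessage()
    msg["From"] = "accounts@example.invalid"
    msg["To"] = "consultant@example.invalid"
    msg["Subject"] = "Invoice #4821 attached"
    msg.set_content("Please see the attached invoice.")
    msg.add_attachment(
        b"// constructed placeholder content, not a real script\n",
        maintype="application", subtype="octet-stream",
        filename="Invoice_4821.pdf.js",
    )
    msg.add_attachment(
        b"%PDF-1.4 constructed placeholder",
        maintype="application", subtype="pdf",
        filename="terms.pdf",
    )
    return msg.as_bytes()


if __name__ == "__main__":
    for name, findings in scan_message(build_sample_message()).items():
        print(name, "->", "; ".join(findings))
```

Run as a script it reports only the `.pdf.js` attachment; the genuine PDF passes. A gateway rule built on the same logic would quarantine or strip the flagged part rather than relying on the recipient noticing the second extension, which Windows Explorer hides by default.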

Sixty-Five Percent of Windows Devices Run Outdated OS

Recently, Duo conducted an analysis of our dataset of two million users that perform over two million authentication events daily using our two-factor authentication solution, to find out how many of their devices are out of date.

You can see the full results of our data on enterprise device security health by downloading The 2016 Duo Trusted Access Report: The Current State of Device Security Health.

We found that only 35 percent of Windows users were running the latest OS, Windows 10, or one version earlier, 8.1, putting 65 percent of Windows devices at risk. Another two percent of enterprise devices were running Windows XP or Windows 8, which are unsupported by Microsoft, meaning they’re incapable of receiving security updates.

(Chart: Duo Data: Out-of-Date Windows Devices)

To find out how Windows users stack up compared to Mac users when it comes to security and other stats on device security health, download our free report.

Employing Endpoint Visibility to Remediate Outdated Devices

Many of the devices that connect to company networks are personal smartphones, tablets, laptops and PCs used by employees when working from home or remotely, and these may also be outdated. Such devices aren’t issued by workplace IT, and therefore lack the same security management and oversight as IT-owned devices.

To gain visibility into which devices are running outdated OSs, plugins, browsers and other software, enterprises can employ an endpoint visibility solution that collects and reports data on each device that authenticates into their environment.

By detecting and reporting on out-of-date devices, you can then create custom endpoint policies and controls that notify, warn and block users from accessing your applications until they update - protecting against malware and ransomware that leverages known vulnerabilities to breach company networks.
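The two pieces of the approach above, the dataset analysis in the "Sixty-Five Percent" section and the notify/warn/block policy here, share the same core: a record of each authenticating device's OS and a rule that maps the OS to a support status. The following added example (not Duo's code, and not the product's policy engine) puts both on one constructed set of authentication events: it deduplicates events into devices, reports the percentage of Windows devices in each status, and evaluates an endpoint policy per login. The support-status table and the policy mapping are assumptions chosen to mirror the article's categories (Windows 10 and 8.1 current; XP and 8 unsupported); a real deployment would keep that table current with the vendor's lifecycle dates.

```python
from collections import Counter

# Assumed support-status table, mirroring the article's categories at the time of writing.
CURRENT = {"Windows 10", "Windows 8.1"}          # latest OS or one version earlier
UNSUPPORTED = {"Windows XP", "Windows 8"}         # no longer receives security updates

# Assumed endpoint policy: what to do at authentication time for each status.
POLICY = {"current": "allow", "outdated": "warn", "unsupported": "block"}


def classify_os(os_name):
    """Map a reported OS string to a support status."""
    if os_name in CURRENT:
        return "current"
    if os_name in UNSUPPORTED:
        return "unsupported"
    if os_name.startswith("Windows"):
        return "outdated"          # supported by the vendor but behind, e.g. Windows 7
    return "other"                 # non-Windows; out of scope for this report


def summarize_windows_devices(events):
    """Deduplicate auth events into devices and return per-status percentages of Windows devices.

    Returns (percentages_by_status, windows_device_count). Later events for the same
    device id overwrite earlier ones, so a device that upgraded mid-window counts once.
    """
    latest_os = {}
    for ev in events:
        latest_os[ev["device_id"]] = ev["os"]
    windows = [os for os in latest_os.values() if os.startswith("Windows")]
    counts = Counter(classify_os(os) for os in windows)
    total = len(windows)
    pct = {status: round(100.0 * n / total, 1) for status, n in counts.items()}
    return pct, total


def evaluate_policy(event):
    """Decide allow / warn / block for one authentication event and build the user message."""
    status = classify_os(event["os"])
    action = POLICY.get(status, "allow")
    messages = {
        "allow": "Device is up to date.",
        "warn": f"{event['os']} is behind the current release; please update soon.",
        "block": f"{event['os']} no longer receives security updates; access is blocked until it is upgraded.",
    }
    return {"user": event["user"], "device_id": event["device_id"],
            "status": status, "action": action, "message": messages[action]}


# Constructed sample: one day of authentication events from ten devices.
SAMPLE_EVENTS = [
    {"user": "alice", "device_id": "d01", "os": "Windows 10"},
    {"user": "alice", "device_id": "d01", "os": "Windows 10"},   # same device, second login
    {"user": "bob",   "device_id": "d02", "os": "Windows 10"},
    {"user": "carol", "device_id": "d03", "os": "Windows 10"},
    {"user": "dave",  "device_id": "d04", "os": "Windows 8.1"},
    {"user": "erin",  "device_id": "d05", "os": "Windows 7"},
    {"user": "frank", "device_id": "d06", "os": "Windows 7"},
    {"user": "grace", "device_id": "d07", "os": "Windows 7"},
    {"user": "heidi", "device_id": "d08", "os": "Windows 7"},
    {"user": "ivan",  "device_id": "d09", "os": "Windows 7"},
    {"user": "judy",  "device_id": "d10", "os": "Windows XP"},
    {"user": "judy",  "device_id": "d11", "os": "Mac OS X 10.11"},  # excluded from Windows stats
]


if __name__ == "__main__":
    pct, total = summarize_windows_devices(SAMPLE_EVENTS)
    print(f"{total} Windows devices:", pct)
    for ev in SAMPLE_EVENTS:
        decision = evaluate_policy(ev)
        if decision["action"] != "allow":
            print(decision["action"].upper(), decision["user"], decision["device_id"], "-", decision["message"])
```

On the constructed sample this reports 40 percent current, 50 percent outdated and 10 percent unsupported across ten Windows devices, warns the Windows 7 users and blocks the Windows XP login. Counting devices rather than raw events matters: a single frequently authenticating laptop would otherwise skew the percentages.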