Zero-day Attacks on Windows XP will Increase after Support Deadline: Fortinet

Computerworld December 2, 2013
Zero-day Attacks on Windows XP will Increase after Support Deadline: Fortinet

Hackers, already in possession of zero day exploits, will wait until April 8, 2014 in order to sell them to the highest bidder.

According to FortiGuard Labs’ 2014 threat predictions, zero-day vulnerabilities will be used by hackers to launch targeted attacks against organizations and individuals that continue using Windows XP beyond April 8, 2014.

Microsoft will end support for Windows XP on April 8, next year. This means that newly discovered vulnerabilities will not be patched, leaving systems around the world vulnerable to attacks, the report says.

According to NetMarketShare, as of September 2013, Windows XP is still used on 31.42 percent of PCs in the world. According to Gartner, by the time April 8 rolls around, it is estimated that more than 15 percent of mid- to large-sized enterprises will still have Windows XP running on at least 10 percent of their PCs.

“Next year, we predict hackers, already in possession of zero day exploits, will wait until the 8th April in order to sell them to the highest bidder. Because of their expected high price tag, these zero days will likely be used to launch targeted attacks against high-value businesses and individuals rather than deployed by common cybercriminals in order to propagate mass infections,” said the researchers at FortiGaurd Labs.

Also read: Scaring Banks to Upgrade From Win XP, the Microsoft Way

The report also predicts that Android malware will expand to industrial control systems and Internet of Things.

As sales of mobile phones likely plateau in the coming years, Android developers are being tasked to find untapped markets for the Google operating system. A few of these emerging markets include tablets, portable game consoles, wearable devices, home automation equipment and industrial control systems (ICS/SCADA).

Next year, researchers predict that there will be first instances of malware on these new device types, specifically around embedded ICS/SCADA systems. While they don't expect to see a "mobile-Stuxnet" in 2014, cybercriminals will be attracted to platforms that go beyond common SMS fraud. The report says this includes new home automation devices that have control over our electrical consumption, the temperature of our fridges, etc. and feature software with remote login control panels to show/confirm who may be at home at a given time. This is bound to give cybercriminals new and nefarious ideas around how and when to rob someone’s home.

Source:

LATEST NEWS