Goodbye Windows 7 – today, January 14th 2020, is the day that Microsoft officially ends security support for Windows 7 computers. This means that PCs still running the decade old operating system will no longer be receiving security updates from Microsoft. According to NetMarketShare’s statistics, 1/3 of PCs around the world are still running Windows 7.

Microsoft urges all of these users to update to a newer operating system, either Windows 8.1 or Windows 10 in order to stay protected against malware threats such as ransomware. Sensitive personal information on your home or business PCs are at risk of exposure.

It’s not all bad news – Google has said that it will continue to release updates for its Chrome browser for Windows 7 until 2021. However, this by no means covers all security bases, and migrating to a newer operating system is still the best option in terms of cybersecurity.

If upgrading is not an option, follow these best practices to keep yourself protected:

For businesses still running Windows 7, your employees are the first line of defense against malware. One of the most common methods of infection is through malicious links in fraudulent emails – a strategy known as phishing. By education your employees with frequent seminars on current threats and phishing telltale signs, you can minimize the likelihood that malware can infiltrate your network. If you would like an overview on some of our recommendations against phishing, you can check out our article on the topic here: Phishing Scams – What are they and how can you protect yourself?

For both businesses and consumers, it is important not to store sensitive information such as credit card data on your Windows 7 PC. Furthermore, avoid using online banking apps on Windows 7 PCs.

Don’t fully rely on your Windows 7 PC’s storage. Keep backups of your important data in a separate location – either on an external hard drive, a USB, or on another PC. Some types of malware, such as ransomware, locks user data behind a ransomwall, demanding payment for its release. Once a computer is infected with ransomware and the data is encrypted, it cannot be read unless it is decrypted with a key only known by the attackers.

If you would like to learn more about the dangers of staying on Windows 7, you can visit our page here, or email any questions to info@gige.ca

To protect yourself from ongoing BlueKeep exploit attacks, Microsoft urges users with systems running Windows 7, Windows Server 2008, and Windows Server 2008 R2 to update their operating systems.

BlueKeep is a vulnerability with the ‘worm’ capability. This means that the malware can spread itself to other vulnerable computers on the network without additional input from the victim, making this type of malware particularly dangerous.

An example of the ‘worm’ malware is WannaCry, which was able to globally infect over 100 000 computers within a 24 hour period in 2017 due to its worm capability.

 

Ongoing BlueKeep Exploits

To detect malware on the internet, Cybersecurity professionals often set up ‘honeypots’ – decoy computers that are designed to study cyberattack methods by baiting attackers into infecting them with malware.

On October 23d, cybersecurity researcher Kevin Beaumond noticed that honeypots that he had set up around the world were crashing and rebooting themselves with increasing regularity. Hutchins, another cybersecurity researcher, confirmed that the reboots were caused by the BlueKeep exploit.

Upon further investigation, Hutchins also discovered that the BlueKeep exploit that was detected had the goal of installing a cryptomining malware on infected PCs. You can learn more about cryptomining in our article here.

 

What are steps that you can take to protect yourself?

Keep your system Updated

The most effective way of protecting yourself from BlueKeep exploits is by keeping your PC up-to-date. Security engineers are constantly detecting repairing security vulnerabilities in their software. It is essential that you download security patches from your software manufacturers in order to protect yourself from publicly known dangers.

Disable RDP

Remote Desktop Protocol (RDP) is a Windows feature that allows for a computer to remotely connect and control another PC. It is useful for IT management and remote troubleshooting, but can also be a security liability. BlueKeep exploits RDP in order to infiltrate PCs, so it is important to keep this feature turned off to protect yourself.

Don’t fall victim to cyberattack. We can help you protect your company from cyberattacks such as the BlueKeep. Call us at +1 888 366 4443 or email us at info@gige.ca to get started immediately.