ATLANTA — SECURITYWEEK 2019 ICS CYBER SECURITY CONFERENCE — Outdated and unsupported operating systems are still present and they still pose a serious risk in many industrial organizations, according to a new report from industrial cybersecurity firm CyberX.
The company’s 2020 Global IoT/ICS Risk Report is based on data passively collected by CyberX from over 1,800 networks around the world between October 2018 and October 2019. It’s worth mentioning that the previous annual risk report from CyberX was based on information from roughly 850 networks.
According to the latest data from CyberX, 62% of analyzed sites house devices running outdated and unsupported versions of Windows, such as Windows XP and 2000, and the percentage jumps to 71% if Windows 7, which reaches end of support in January 2020, is also included.
The use of Windows versions that no longer receive security updates poses a serious risk as it allows attackers to compromise systems using vulnerabilities for which details and PoC exploits are often publicly available. Moreover, the company pointed out, even if Microsoft releases patches for unsupported versions of Windows to address high-risk flaws, as it did in the case of the BlueKeep vulnerability, it may not be easy for an organization to deploy the patch on industrial systems.
CyberX says it frequently finds malware on production networks, and unsupported or unpatched Windows devices significantly contribute to this.
The company identified suspicious activity in 22% of the sites it monitored. Suspicious activity can include scans, abnormal HTTP headers, known malware, and an excessive number of connections between ..
Support the originator by clicking the read the rest link below.
