A new security report released by AV-Test showed some startling, but not surprising, malware statistics. The key takeaway from the study: Computers that run Windows are most prone to attacks by hackers. The AV-Test report found that 114 million new malicious programs were developed in 2019, and 78.64 percent of all attacks were distributed on Windows systems. The study probably isn’t shocking to MSPs who battle these types of vulnerabilities continuously.
“AV-Test’s findings are not surprising. It would be like saying the most frequent target for chicken nugget thieves is McDonald’s,” says Larry Borden, an independent cybersecurity consultant in El Paso, Texas, who reviewed the report after it was released. “It’s not earth-shattering news that Microsoft is prone to attacks.” Linux, Mac, and other OS options are not without their own vulnerabilities, Borden adds, but because of its ubiquity, Windows is where hackers concentrate most of their efforts.
Borden advises that the best defense against hackers is understanding who is behind the attacks and what their objectives are. It doesn’t take much digging to find the motivation: money.
“Malware is a business, and that is why Windows is always in the hacker’s crosshairs,” Borden says.
Borden points out that most hackers are professionals, and the viruses are written with specific goals, usually to obtain financial information, data, passwords, or other authorization codes. “A lot of people still cling to the idea that hackers are bored college kids operating out of their dorm, but that isn’t true,” he adds.
“Malware is an immensely profitable business, and when something is profitable, it becomes like a gold rush,” Borden states. “And just like in a gold rush, eventually, there are too many prospectors and the market collapses, but we aren’t there yet.”
“There are still plenty of people clicking phishing emails that they shouldn’t, or falling prey to deep fakes that are chillingly realistic,” Borden notes.
How can MSPs protect against Windows’s weaknesses?
Borden says that part of the problem is that Windows is a victim of its own success. Many security professionals, Borden points out, take for granted that security is baked into Windows. The “Windows-is-safe-because-it’s-Windows” mantra, of course, isn’t true. Windows has plenty of security features, but there are also a lot of vulnerabilities (as evidenced by frequent patch alerts).
“Many MSPs, who fight battles on so many fronts, can get lulled into a false sense of security by just the veneer of reliability Windows offers. And while Windows is my preferred operating system, I try not to get lulled,” Borden says.
Here are some measures Borden recommends that MSPs implement to guard against Windows vulnerabilities:
- Patching: Many times, Borden explains, hackers will launch massive attacks using an all-encompassing list of vulnerabilities. The patching recommendations issued by Windows are necessary, but they are also handing hackers roadmaps to vulnerabilities. So it often becomes a race, Borden adds, between the good guys applying the patch and the bad guys trying to exploit the weakness before it is applied. Often, the bad guys win. So it’s not good enough to patch; you have to patch fast, as in as soon as the patches are announced.
- Third-party software vulnerability: Of course, Windows is used in the bulk of systems, but that doesn’t mean there isn’t plenty of other software in use that isn’t Windows. “MSPs need to know what is in use in a client’s network so that any vulnerabilities can be identified and rectified,” Borden advises.
- Guest accounts: Borden says, “You don’t need them,” because they are “too risky” as a backdoor for hackers.
- Check to ensure restore points are set: “Even the most diligent MSPs can get tripped up by this one. And even if you have set restore points, these can get changed. People can go in and inadvertently alter this. You want to make sure a couple of times a year that restore points are set,” Borden notes.
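The four checks above can be scripted per host. The following is an added example, not code from the article or from Borden; it assumes an elevated Windows PowerShell 5.1 session on a client edition of Windows, and the 30-day and 180-day thresholds are illustrative assumptions.

```powershell
# Added example: audit one Windows host against the four recommendations above.
# Assumes Windows PowerShell 5.1 on a client OS (Get-ComputerRestorePoint is
# not available on Windows Server or in PowerShell 7). Thresholds are assumptions.
$MaxPatchAgeDays   = 30
$MaxRestoreAgeDays = 180
$now      = Get-Date
$findings = New-Object System.Collections.Generic.List[object]

function Add-Finding($Check, $Pass, $Detail) {
    $findings.Add([pscustomobject]@{ Check = $Check; Pass = $Pass; Detail = $Detail })
}

# 1. Patching: days since the most recent update was installed.
$lastFix = Get-HotFix | Where-Object InstalledOn |
    Sort-Object InstalledOn -Descending | Select-Object -First 1
if ($lastFix) {
    $age = [int]($now - $lastFix.InstalledOn).TotalDays
    Add-Finding 'Patching' ($age -le $MaxPatchAgeDays) "$($lastFix.HotFixID) installed $age days ago"
} else {
    Add-Finding 'Patching' $false 'No installed updates reported'
}

# 2. Third-party software: inventory non-Microsoft packages from the Uninstall keys.
$keys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
$apps = Get-ItemProperty $keys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -and $_.Publisher -notmatch 'Microsoft' } |
    Sort-Object DisplayName -Unique
Add-Finding 'Third-party software' $null ('{0} packages to review (listed in $apps)' -f @($apps).Count)

# 3. Guest account: the built-in Guest always has a SID ending in -501, even if renamed.
$guest = Get-LocalUser | Where-Object { $_.SID.Value -like 'S-1-5-21-*-501' }
Add-Finding 'Guest account' (-not $guest.Enabled) "Account '$($guest.Name)' enabled: $([bool]$guest.Enabled)"

# 4. Restore points: confirm one exists and is recent enough.
$rp = Get-ComputerRestorePoint -ErrorAction SilentlyContinue |
    Sort-Object SequenceNumber -Descending | Select-Object -First 1
if ($rp) {
    $rpAge = [int]($now - $rp.ConvertToDateTime($rp.CreationTime)).TotalDays
    Add-Finding 'Restore points' ($rpAge -le $MaxRestoreAgeDays) "Newest restore point is $rpAge days old"
} else {
    Add-Finding 'Restore points' $false 'No restore points found; System Protection may be off'
}

$findings | Format-Table -AutoSize
$apps | Select-Object DisplayName, DisplayVersion, Publisher | Format-Table -AutoSize
```

The software inventory row has no pass or fail value because it only produces the list; comparing those versions against vendor advisories is a separate step.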
Linux remains vulnerable too
Sometimes the same vulnerabilities plague both Linux and Windows, such as the BootHole vulnerability discovered this summer. The serious, newly discovered flaw affects most Linux and Windows installations, including servers, and opens the door for hackers to run riot.
Borden explains that the “BootHole” flaw lives in the GRUB2 bootloader utilized by most Linux systems. GRUB2 is the first software program that runs when a computer starts, or boots up. With Linux installations, it’s responsible for loading and transferring control to the operating system kernel. BootHole seizes upon a vulnerability in GRUB2, which allows hackers to commandeer a system and gain near-total control.
“The takeaway is that while Microsoft has vulnerabilities, all operating systems do and MSPs can never let down their guard,” Borden concludes.