
Why is it Crucial to Secure Legacy Software

by CISOCONNECT Bureau

Legacy software can be vulnerable and serve as potential fodder for cyberattacks. Read on to know more about it…

Today’s hackers enjoy a target-rich environment — a couple of years back there were already more than 15,000 known Common Vulnerabilities and Exposures (CVEs). When legacy software was developed, these applications may have been on top of then-current cybersecurity practices. But with the passage of even a short time, the threat landscape evolves while many legacy systems get left behind.

Legacy or obsolete software, which stops receiving security updates once it reaches end of life, can serve as potential fodder for cyberattacks. Despite this well-known security risk, many firms continue to operate outdated software.

The Concern
A primary reason for maintaining legacy systems, especially in large enterprises, is the cost of upgrading. The perceived cost in time and money to update systems is often seen as greater than the risk of continuing to use the End-of-Life (EOL) product. In some cases, internal software has been custom-built for a specific purpose but is no longer updated by its original creators.

Legacy systems may be incompatible with security features surrounding access, such as multi-factor authentication, single sign-on and role-based access, or may lack sufficient audit trails or encryption. Whatever the reason, these systems are unable to accommodate today’s security best practices.

Recent Attacks
Regardless of the rationale, ignoring an EOL or End-of-Service (EOS) warning can leave organizations open to a variety of unforeseen cyberattacks. The following are some recent examples.

The Fullz House threat actor group hacked the BOOM! Mobile website by exploiting an old version of PHP that is no longer supported. This enabled the attackers to steal the personal information of users visiting the website. Around 2,000 online stores running the outdated Magento 1 CMS were compromised to steal users’ payment details; Magento 1 had reached EOL on June 30, 2020.

A widespread phishing campaign posed as pressure on enterprise employees to upgrade their Windows 7 systems, luring them to a fake Outlook login page. Researchers at Cofense stated that the attack was an outcome of the companies’ failure to conduct due diligence. Microsoft had announced an end to support for Windows 7 on January 14, 2020.

Windows Legacy Software
In a major mishap, source code for Windows XP and Windows Server 2003 was leaked on various online platforms. The collection also included source code for Windows XP SP1, Windows Server 2003, MS-DOS, Windows CE and Windows NT.

Although Windows XP was officially deprecated in 2014, it is still used in 30% of PCs worldwide and the NHS is among those at risk. In the worst-case scenario, this can lead to cyberattacks similar to those experienced in 2017 due to WannaCry ransomware.

Concluding Words
As cybercriminals pay close attention to EOL and EOS events, companies should have a sound plan to mitigate the security risks of outdated software. It is crucial for organizations to know what needs to be replaced or updated, and when. Additionally, a reliable software lifecycle management process is essential for avoiding EOL issues.
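Knowing "what needs to be replaced or updated, and when" starts with an inventory that records each product's vendor end-of-life date and is checked against the calendar. The following Python script is an added example (not from the article or from CISOCONNECT) of that check: it flags assets already past EOL, most overdue first, and those approaching EOL within a planning window. The two real dates are the ones the article cites (Windows 7, January 14, 2020; Magento 1, June 30, 2020); the inventory entries, host counts and the internal application's date are constructed for illustration.

```python
"""EOL inventory check: flag software that is past, or approaching, its
vendor end-of-life date.  Added example, not code from the article."""
from dataclasses import dataclass
from datetime import date


@dataclass(frozen=True)
class Asset:
    name: str
    version: str
    eol: date    # vendor end-of-life / end-of-support date
    hosts: int   # number of systems running it (constructed figures)


# Constructed inventory.  The Windows 7 and Magento 1 EOL dates are the ones
# the article cites; the other entries, dates and host counts are made up.
INVENTORY = [
    Asset("Windows", "7", date(2020, 1, 14), hosts=120),
    Asset("Magento", "1.x", date(2020, 6, 30), hosts=2),
    Asset("Internal billing app", "3.2", date(2021, 3, 31), hosts=1),   # constructed
    Asset("Vendor DB (constructed)", "5.0", date(2024, 1, 1), hosts=4),  # constructed
]


def classify(inventory, today, warn_days=180):
    """Split the inventory into (past_eol, approaching, supported).

    'approaching' means EOL falls within warn_days of today, which is the
    window in which an upgrade or replacement should already be planned.
    Both risk lists are sorted by EOL date so the most overdue item leads.
    """
    past, soon, ok = [], [], []
    for asset in inventory:
        days_left = (asset.eol - today).days
        if days_left < 0:
            past.append(asset)
        elif days_left <= warn_days:
            soon.append(asset)
        else:
            ok.append(asset)
    past.sort(key=lambda a: a.eol)
    soon.sort(key=lambda a: a.eol)
    return past, soon, ok


def report(inventory, today, warn_days=180):
    """Return human-readable lines for everything that needs action."""
    past, soon, _ = classify(inventory, today, warn_days)
    lines = []
    for a in past:
        overdue = (today - a.eol).days
        lines.append(
            f"PAST EOL  {a.name} {a.version}: unsupported for {overdue} days "
            f"on {a.hosts} host(s)"
        )
    for a in soon:
        lines.append(
            f"UPCOMING  {a.name} {a.version}: EOL in {(a.eol - today).days} days "
            f"on {a.hosts} host(s)"
        )
    return lines


if __name__ == "__main__":
    # Fixed reference date so the output is reproducible; use date.today()
    # in a real run.
    for line in report(INVENTORY, date(2021, 1, 1)):
        print(line)
```

In practice the inventory would be fed from a CMDB or endpoint agent rather than hard-coded, and the warning window should match how long a migration actually takes in the organization; the point of the ordering is that the report leads with the software that has been unsupported the longest.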
