When the USS John McCain became the second naval ship to be involved in a deadly accident this summer, my first thought went to a potential cyberattack. Two important things to note here: First, the Navy has not indicated that there was a cybersecurity incident, and second, I always think something out of the ordinary is somehow related to a possible cyberattack. When you are so tuned into security news, it’s almost a gut reaction now.
We may never know if someone tried to hack into the Navy’s data infrastructure, but these accidents have drawn attention to a potentially serious security flaw. Is the Navy still using Windows XP as its operating system, even though Microsoft has long discontinued its support? A year ago, Sarah Laskow wrote an article for Atlas Obscura that highlighted just how far behind the Navy is in computing, pointing out that the goal is to have all of its computers updated to Windows 10 by 2020.
However, Blake J. Darché, CSO and co-founder of Area 1 Security, pointed out that the United States Navy has built its technology platforms on Windows XP, adding in an email comment:
“The likelihood of a successful attack against Windows XP is significantly higher than on other more modern operating systems. Older operating systems have more attack surface area, meaning there is a greater chance for a known or unknown vulnerability to exist. It is critical for organizations to migrate to modern operating systems.”
This isn’t a problem that only the Navy is facing. Ransomware attacks like WannaCry and Petya targeted Windows XP and other outdated operating systems, taking advantage of their vulnerabilities. In fact, according to Fortinet’s Q2 2017 Global Threat Landscape report:
“90 percent of organizations recorded exploits against vulnerabilities that were three or more years old. And 60 percent of firms experienced successful attacks targeting devices for which a patch had been available for ten or more years!”
Moral of the story: If you are using an outdated or unsupported OS or software, your risk of being targeted by hackers skyrockets. As Fortinet explained, when organizations provide such an easy entry point, hackers don’t have to develop anything new to break in; instead, they can focus on more sophisticated payloads that are harder to detect.
Sue Marquette Poremba has been writing about network security since 2008. In addition to her coverage of security issues for IT Business Edge, her security articles have been published at various sites such as Forbes, Midsize Insider and Tom's Guide. You can reach Sue via Twitter: @sueporemba