Preventing Cyber Attacks with OS Updates
Why should you be concerned with server OS updates? A server operating system, also known as a server OS, simplifies and expedites the typical functions of a server. This same system, though, has become a target for cyberattackers, because attacks on servers give them a bigger payoff for their efforts.
IT operations rely heavily on the server. It’s where your organization’s digital data is archived and it’s where all the computers or staff workstations are linked.
Security vulnerabilities in software, including the server OS, aren’t uncommon. It’s an accepted reality in the software development community that code is never released free of error. The industry average number of security vulnerabilities for every 1,000 lines of code ranges from 15 to 50, according to Steve McConnell in his book Code Complete: A Practical Handbook of Software Construction, Second Edition.
“These errors, or bugs, generally occur due to trade-offs in areas such as time, features and cost …,” Lloyd’s and Cyence, in the report “Counting the cost Cyber exposure decoded”, said. “These bugs are frequently the mechanisms leading to vulnerabilities through which malicious actors can obtain the ability to bypass safeguards or misuse systems outside the intended purpose.”
Software makers and security researchers (also known as ethical hackers) are continually racing against malicious hackers to find security loopholes in software. Software companies run bounty programs, giving monetary rewards to security researchers who identify security loopholes in software and report them directly to the company.
A security update, also known as a patch, is a piece of code inserted (patched) into an existing software program in order to fix an identified security vulnerability.
Windows Server commands the largest share of the server OS market. The phrase “Windows Server” is a collective name used for the operating systems developed by Microsoft for small and midsize organizations. Microsoft’s earliest server OS under the group Windows Server is Windows Server 2003. The latest version, Windows Server 2016, is cloud-ready, that is, data can be moved easily to the cloud through this latest version.
While Microsoft has released the latest version of Windows Server, many organizations still use older versions. For instance, during the WannaCry ransomware attack in May of this year, many organizations still used Windows Server 2003 even though Microsoft ended its support or security updates on July 14, 2015.
An absence of regular updates from the software maker leaves users vulnerable to cyberattacks. Even the latest version, Windows Server 2016, needs security updates.
“The gap between the availability and the actual implementation of such patches is giving attackers an opportunity to launch exploits – that is, time to operate within a network that could have blocked their entry with a simple software patch,” said Cisco in its 2016 Midyear Cybersecurity Report.
“Hitting Two Birds (Or More) With One Stone”
Cyberattackers see the benefit of attacking a server OS: this kind of attack can cripple not just one computer but several, since a number of computers or workstations are connected or linked to a server.
The ransomware WannaCry and NotPetya (also called Petya) locked out a combined hundreds of thousands of computers in the middle of this year. Both ransomware strains demanded a ransom payment from their victims, to be paid in bitcoin, to unlock the affected computers.
Both ransomware strains exploited vulnerabilities in the Windows operating system, including Windows Server 2003. WannaCry exploited the Windows OS vulnerability called “EternalBlue”, while NotPetya exploited the Windows OS vulnerability called “EternalRomance”. EternalBlue and EternalRomance are two of the more than a dozen hacking tools publicly released in April 2017 by the group calling itself the “Shadow Brokers”.
Both WannaCry and NotPetya wreaked more havoc than other malware because of their worm-like capability. Once a server OS is infected by either WannaCry or NotPetya, the malware self-propagates and spreads quickly to other computers or workstations connected to the server.
“With worm capabilities, ransomware attacks can have implications beyond endpoint security, introducing challenges to enterprise networks,” Microsoft in the blog post “Ransomware 1H 2017 review: Global outbreaks reinforce the value of security hygiene” said.
Both WannaCry and NotPetya were preventable threats. On March 14, 2017, Microsoft issued a security update, patching the EternalBlue and EternalRomance vulnerabilities. Organizations then using Windows Server 2003 were particularly vulnerable to WannaCry ransomware, as Microsoft ended its security updates for this server OS on July 14, 2015. After the May 2017 WannaCry attack, Microsoft made an unusual security update to Windows Server 2003, fixing the EternalBlue and EternalRomance vulnerabilities.
A shift to the latest version of the server OS and installing the latest software update, therefore, could have easily prevented the WannaCry and NotPetya ransomware attacks. Yet many organizations still haven’t shifted to the latest version of the server OS and continually fail to install software updates.
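The two exposure cases described above (a server past its end of support, and a supported server that has not yet installed an available fix) can be measured from a patch inventory. The following is an added example, not part of the original article: the hostnames, patch dates and audit date are constructed, and only the two dates marked as stated in the article come from the text.

```python
from datetime import date

# Dates stated in the article.
PATCH_RELEASED = date(2017, 3, 14)   # Microsoft's EternalBlue/EternalRomance fix
END_OF_SUPPORT = {                   # OS -> last day of regular security updates
    "Windows Server 2003": date(2015, 7, 14),
    "Windows Server 2016": None,     # supported at the time of the article
}

# Constructed inventory: hostnames and patch dates are made up for illustration.
INVENTORY = [
    {"host": "fs01", "os": "Windows Server 2003", "last_patched": date(2015, 7, 14)},
    {"host": "app02", "os": "Windows Server 2016", "last_patched": date(2017, 2, 1)},
    {"host": "dc03", "os": "Windows Server 2016", "last_patched": date(2017, 4, 11)},
]


def assess(server, as_of):
    """Classify one server and measure how long it has been exposed."""
    # An OS missing from END_OF_SUPPORT is treated as supported (assumption).
    eol = END_OF_SUPPORT.get(server["os"])
    if eol is not None and as_of > eol:
        # No regular patches are issued any more, so exposure runs from
        # the end-of-support date regardless of the last patch installed.
        return {"host": server["host"], "status": "UNSUPPORTED",
                "days_exposed": (as_of - eol).days}
    if server["last_patched"] < PATCH_RELEASED <= as_of:
        # A fix exists but has not been applied: this is the patch gap.
        return {"host": server["host"], "status": "PATCH_GAP",
                "days_exposed": (as_of - PATCH_RELEASED).days}
    return {"host": server["host"], "status": "CURRENT", "days_exposed": 0}


def audit(inventory, as_of):
    """Return one finding per server, longest exposure first."""
    findings = [assess(server, as_of) for server in inventory]
    return sorted(findings, key=lambda f: f["days_exposed"], reverse=True)


if __name__ == "__main__":
    # Constructed audit date in May 2017.
    for f in audit(INVENTORY, as_of=date(2017, 5, 12)):
        print(f"{f['host']:6} {f['status']:12} {f['days_exposed']:4} days exposed")
```

Sorting by days exposed puts the unsupported server first, which matches the article's point that Windows Server 2003 hosts were the most exposed.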
Top Reasons Why Organizations Refuse to Shift to Latest Server OS Version & Install Software Updates
Many organizations knowingly refuse to shift to the latest version of server OS and install the latest software update for the following reasons:
1. Added Cost
One of the top reasons why organizations fail to shift to the latest version of the server OS is that it’s an added cost, and many don’t see it as a top priority. Because it’s not seen as a top priority, it’s always pushed back in terms of budget allocation.
2. Fear of Functionality Change
Some updates carry with them changes in functionality, and many users don’t want that. Many people don’t want to modify their routine behavior. This fear of functionality change adds another layer to the existing patching challenges.
3. Business Continuity Issue
Updates for non-server operating systems are easier to apply than updates for server OS. A server OS update needs to be well-planned in order not to cause business continuity problems.
At GenX, we offer server OS update services, including:
- Setup of new operating system on company server, or upgrading previous ones
- Testing and verification of system data post-upgrade
- On-site physical deployment of server equipment
- Implementation of virtual spaces for increased server operation efficiency
Call us today to improve your cyber security posture.