Dragging your feet on Windows 11 migration? Rising infostealer threats might change that

With the clock ticking down to the Windows 10 end of life (EOL) deadline in October, organizations are dragging their feet on Windows 11 migration – and leaving their devices vulnerable as a result.
New data from threat exposure management platform NordStellar shows that nearly six-in-ten systems affected by infostealers in December last year are still running Windows 10.
“The number of systems affected by infostealers closely mirrors the overall operational system market share — Windows 10 has been heavily targeted for years due to its popularity,” said Vakaris Noreika, a cybersecurity expert at NordStellar.
“However, it will have an even bigger target on its back in the wake of its end of life, which will eventually create new vulnerabilities.”
“Once an operational system reaches this deadline, it no longer receives any security updates, vulnerability patches, or support from the software creator. These vulnerabilities are widely known and often exploited — infostealers can be coded to target these weaknesses more efficiently, resulting in more effective attacks against outdated systems.”
Sticking with Windows 10 could have dire consequences
While the Windows 11 adoption rate has been rising steadily since last November, time is running out. Microsoft has made no secret of the changeover, and has repeatedly urged enterprises and consumers alike to make the shift to the newer operating system.
Failure to do so could have dire consequences, Noreika warned, with enterprises leaving themselves open to an array of threats.
“Migrating to a new operational system takes time — based on the current adoption rate, we estimate that approximately 30 to 40% of systems may still be running Windows 10 when it reaches end of life in October, creating a substantial attack surface for cyber criminals,” said Noreika.
The situation may mirror that of Windows 7, which still had a 23% market share six months before its end of life – and 20% when the deadline hit. Even now, according to NordStellar, it holds a 2% market share and is still being targeted by infostealers.
Meanwhile, infostealers aren’t the only risk for future Windows 10 users, with malware and new data exfiltration and exploitation techniques on the rise.
“Considering just how many enterprises might still be running Windows 10 after its end of life, there’s a high possibility that we’ll see a growth in various cybersecurity incidents if businesses continue to delay migration,” said Noreika.
“Taking into account the financial and reputational losses that come with a data breach, delaying migration can be a decision that eventually costs the company millions of dollars and their clients’ trust, which will take years to regain.”
Users seeking to continue with Windows 10 can fork out for extended security updates (ESU), which provide critical security updates for up to three years after the official EOL date.
But they don’t come cheap, at $61 per device for the first year, doubling every year to $122 per device in year two and $244 in year three. Nor do they include ongoing technical support.