Professional Documents
Culture Documents
Windows
Windows XP has reached the end of its
life – what are the implications?
VOLKER JUNG, ANTHONY BYATT – Microsoft’s successful no new patches and no active support. The effect of this
and very popular Windows XP operating system is now is that XP will slowly become unsecure, unreliable and
well over a decade old. While about 30 percent of Win- incompatible with most newly released IT hardware, such
dows users worldwide still rely on XP, an operating as PCs, PC components, network equipment and printers.
system as old as this cannot be supported forever. In other words, the end of the XP era is affecting many
Accordingly, Microsoft ceased XP support on April 8th, industrial applications and requires a proactive response
2014. This means there are no new security updates, from users.
− Security
Freelance Freelance systems (V6.2 – V9.1)
− Compliance
− Lack of independent software
Power Generation
vendor support Portal/Tenore
All Windows-based versions
A
trollers used to control machinery. user behavior through keyloggers or other
t one time, the idea of running spyware; activate a webcam; access con-
an industrial application using Since Stuxnet, the target-rich landscape of fidential information; format drives; delete
Microsoft Windows would not industrial IT has been under a sustained or alter files; and so on.
have been entertained. How- assault that has grown ever more sophisti-
ever, when Microsoft introduced their Win- cated. For example, the so-called watering In June 2014, the Havex malware family
dows XP operating system over a decade hole strategy has been devised as a way to made headlines by attacking control sys-
ago, industry sat up and took notice. Win- introduce malware into the target systems. tems in different branches of industry,
dows XP provided the stability, flexibility In this strategy, the malicious party guess- including the energy sector. A RAT is a
and functionality needed by many indus- es or observes which websites the com- main component of Havex. The RAT tro-
trial users and soon appeared in every pany often uses,
imaginable type of application. then they infect it
and sit back and An intruder can manipulate
However, all good things come to an end: wait for the victim
On April 8th, 2014 the Windows XP era to visit the site and authentic user profiles on a
concluded when Microsoft support for the
product ceased. Of course, Microsoft had
unwittingly down-
load malware onto
system to allow outsiders
given ample notice and companies had their computer. This access.
been preparing for the switch for some strategic Web com-
years. Yet many questions had to be an- promise (SWC) tac-
swered: Could a standalone XP system tic catches victims unawares because the janized websites of industrial control sys-
continue to run unaffected? What would infected websites have previously been tem (ICS) and supervisory control and
happen if the XP system was integrated trusted. data acquisition (SCADA) manufacturers.
into another system? Would new hardware In total, 146 servers were attacked by
be needed and what would be the cost of Further, an intruder can manipulate authen- Havex; 88 variants of the Havex RAT
this across the entire organization? What tic user profiles on a system to allow out- were used; and 1500 IP addresses were
would the budget for the switch likely to siders access. PC configurations can also traced in an attempt to identify victims.
be? Could virtualization fix the problem? be manipulated and PCs can then, for Clearly, Havex represented a serious
What support would be available to mi- example, become the homes of remote attack on industry.
grate over onto a new system? access trojans (RATs) – malware pro-
grams that give an intruder administrative In July 2014, the “energetic bear” virus in-
control over the target computer. RATs fected over 1,000 energy firms in Europe
Title picture
can be infiltrated into a PC via an email and the United States. This virus theoreti-
Microsoft support for Windows XP ceased on
April 8th, 2014. What are the implications for attachment. cally allows hackers to take control of
industrial users? power plants.