Cybercrime Rule #1: Machines Are Hard, People Are Soft
By Ian Trump, Security Lead, MAXfocus
MAXfocus’ Ian Trump wonders why the predicted open season on Windows Server 2003 machines has failed to materialize.
It’s 2016, and in July 2015 we had all kinds of warnings about the end of Windows Server 2003 (W2k3). However, despite the prognostications of folks such as myself, W2k3 has not gone out with a cybercrime bang. It’s interesting to me that this unsupported operating system is still in service in great numbers. Despite weaknesses such as the recently disclosed Help and Support Center vulnerability, which can only be mitigated if specific steps are followed, there has been nothing to indicate that a targeted cybercrime attack on Windows 2003 has occurred or is even imminent. Certainly the trend lines we saw in the IT press showed a concerted effort to migrate the OS to something newer.
The question remains: why has a large-scale, automated attack not occurred? There could be a number of answers to this question, but I think the central argument may be this: attacking old servers is not sexy; attacking specialized systems like POS endpoints and IoT is far more interesting and ultimately financially rewarding.