Thursday, January 21, 16:43

As long as the technologies reach their EOL, the hackers are waiting

A recent outbreak of cyber-attacks against web commerce sites using Magento 1 underscores the importance of having a security strategy for technology that has reached the end of its life (EOL) or is no longer supported by its vendor.

Adobe announced in September 2018 that support for Magento 1 would expire in June 2020, giving organizations ample time to move to Magento 2 or make other arrangements to protect their e-commerce websites. However, this warning did not prevent a number of companies from "sticking" with Magento 1: about 100,000 entities are still using the old version.


The same goes for Windows XP, which Microsoft "gave up" in 2014 but which is still used by 30% of computers worldwide, according to Net Applications.

"I call it the tsunami of the past," said Setu Kulkarni, vice president of strategy and business development at WhiteHat Security. "The software or software service (i.e., API) may reach its end of life because the organization no longer invests in it. But that does not mean that users stop using it."


This does not mean that there are no good reasons to cling to technology that has reached EOL or EOS.

For example, interdependencies between systems and software can discourage some companies from moving away from technology that has reached EOL.

Construction companies, electricity companies and other infrastructure organizations will continue to use technology beyond EOL or EOS because replacing it is too expensive. Similarly, health care providers may have EOL software on medical devices, such as a very expensive MRI machine that is only three years old but runs Windows XP.

There are other considerations. If, for example, the product at the end of its life cycle is more up-to-date than the new and less tested products, or if all known vulnerabilities have already been fixed, or if the organization has adequate mitigation knowledge, then it could be said that the old product is "safer" than a newer product, where new vulnerabilities are likely to be discovered on a regular basis in the future, said Kedgley.

Risk assessment

Users may be exposed. "The main problem is being left without security patches," Kedgley said. "Vulnerabilities discovered after the products' end of life will never be fixed, with every hacker knowing where they are."

Renfrow also noted the "very large list of software defects found in products every day" that do not disappear once support ends. The difference is that developers will not necessarily provide patches. WannaCry, which highlighted the use of Microsoft EOL software worldwide, was what Renfrow calls an exception: "Microsoft released an information code for these software versions that were EOL. This is a rare example of support for EOL software."

John Yun, vice president of marketing at AppOmni, said new technology comes with "new and better security features without which the organization could not gain a leading position in security." "Failure to take advantage of new opportunities can have dire consequences," he said.

While companies may struggle with the whole issue of EOL technologies, hackers pay attention to systems that are at EOL or EOS, so companies need to do the same, and that means making plans.

Justin Kezer, CEO at nVisium, said companies should monitor all their assets along with their dependencies. "This is the starting point for us to be able to plan what needs to be replaced or updated and when," he said.

Ideally, they should "plan to move to the 'latest' platforms that are always the safest and best supported," Kedgley said. But if this is not the case then maybe they can do just that - they can do it.


Teo Ehc