Iranian Cyber-Attacks and the End of Support for Windows 7 and Windows Server 2008
Thursday, January 9, 2020
potential Windows Server 2008 cyberattack by Iran
Print Mail Download i

After the killing of Qassem Soleimani on January 3, 2020, by the U.S. government, the cybersecurity news industry has been abuzz about whether Iran will engage in cyber-terrorism, and if so, to what degree, as part of its pledge to strike back at the U.S. On January 5, Forbes reported that the first instance of Iranian cyber terrorism took place the day before. Hackers claiming to be associated with Iran defaced the home page of the Federal Depository Library Program website. The website was quickly taken down, but what do all this chatter and the possible increases of Iranian cyber-espionage mean for U.S. businesses?

The general consensus across multiple cybersecurity news outlets is that while Iran certainly has the capability to execute denial of service, malware, and phishing attacks, these types of attacks won’t garner the press response and spectacle the Iranians might desire. However, notably absent from any of the reports I have read so far is the imminent end of security patching for both the Windows 7 and Windows Server 2008 operating systems by Microsoft on January 14.  While most of the news reports anticipate an increase in ‘noisy’ cyber activity from Iranian and proxy hackers, there is little mention of how those hackers might exploit that upcoming end of support. Is it possible that the Iranians could leverage an ultimately unpatched vulnerability in Windows 7 or Server 2008 to achieve a disruption on a massive enough scale to garner the press attention they desire?

What is your organization doing to protect itself against such attacks? If you have not finished migrating from Windows 7 or Server 2008, extended security support is available from Microsoft for a fee. Are you considering geofencing Iranian and other Middle Eastern nation-states’ internet address space from your network? Most modern ‘nextgen’ firewalls have such capabilities with updatable databases of a nation state’s address space. Finally, are you educating your users and alerting them to be vigilant about suspicious emails and other phishing campaigns?

Copyright © 2024 Robinson & Cole LLP. All rights reserved.

Current Legal Analysis

More from Robinson & Cole LLP

Department of Justice Criminal Division Announces Voluntary Self-Disclosure Pilot Program for Culpable Individuals
by: David E. Carney , Danielle H. Tangorre
FTC Votes to Finalize Rule Banning Non-Compete Agreements Nationwide
by: Ian T. Clarke-Fisher , Trevor L. Bradley
Cisco Releases Updates to Vulnerabilities in Firewall Platforms
by: Linn F. Freedman
USPTO Issues Guidance on Use of AI Based Tools
by: Daniel J. Lass
California Trap & Trace Class Actions on the Rise in the Age of Website Trackers
by: Kathryn M. Rattigan
Aid Package Signed by President Biden Includes Divestiture of TikTok Requirement
by: Linn F. Freedman
Privacy Tip #395 – GM Faces Class Action for Collecting + Disclosing Drivers’ Data Without Consent
by: Linn F. Freedman
AI, Government Contractors, and Employment Discrimination
by: Data Privacy & Cybersecurity Robinson Cole
Chicago’s Application of Parking Regulations Violates RLUIPA
by: Eden (Hunter) Yerby
The Department of Education Releases Significant Revisions to Title IX Regulations
by: Kathleen E. Dion , Seth B. Orkand

Upcoming Legal Education Events

 

NLR Logo

We collaborate with the world's leading lawyers to deliver news tailored for you. Sign Up to receive our free e-Newsbulletins

 

Sign Up for e-NewsBulletins