Trying to get into the mind of a Cyberattacker can be a difficult task to accomplish. Every hacker is unique with their particular mindset, their motives, level of intelligence and covertness, their training, you name it. Probably the nest group of people who can actually do this are the Penetration Testers themselves, who did it legally and ethically.
But even then, it is no guarantee in that either. The primary reason why we want to get inside the mind of a Cyberattacker is to see how they will plan their next move or even moves. Heck, there are even Machine Learning and even Artificial Intelligence programs out there that are trying to mimic this thought process.
All we can do in this cat and mouse game is to look for general trends in both behavioral and attack signatures. But amongst the Cybersecurity professionals, there is one new trend that is being noticed, and in fact it is even something I have written about in previous blogs. And that is, the Cyberattacker is starting to resort to the older, more traditional ways of launching their threat vectors.
One primary example of this is trying to find vulnerabilities, holes, and weaknesses in systems that either have not been patched or are running totally outdated software applications. After all, these are much easier trapdoors in which to break through, and difficult to notice once the Cyberattacker is in.
In fact, according to recent survey conducted by a Cybersecurity firm known as “Avast” entitled the “PC Trends 2019”, it discovered that there are still millions upon millions of computers, workstations, servers, and even wireless devices that are still running outdate applications and/or don’t have the latest security patches and upgrades installed onto them.
The report can be downloaded in its entirety at this link:
Here is a summary of the top 20 outdated software applications that both Corporate America and individuals alike still run:
*VL Media Player;
*The Java Runtme Environment versions 6-8;
*DivX Plus Web Player;
*Nitro PDF Professional 9;
*GOM Media Player;
*The Java Runtme Environment version10;
*Nitro PDF Professional 10;
*Mozilla HP Photo Creations.
When you further analyze this list, it seems like that the Adobe software packages and its related components seem to be the most outdated. This really comes to of no surprise, as in recent months (I think starting in the Fall of 2018) Adobe has been releasing software patches and upgrades on masse in order to fix their Security related issues.
Also, second down the line are the Open Source Platforms such as Mozilla and Firefox. I don’t use their applications, but I know for sure that they are constantly upgrading their stuff. If you use their stuff heavily, you should conduct a Google search on them to see where you can download the latest patches.
One of the nice things about Open Source software app upgrades is that they are quick to download and install (unlike Windows, which is the next sore point I bring up).
According to the report as well, 15% of those computers still running Windows 7 are totally outdated, and 9% of those computers running Windows 10 are also totally outdated. As much as you hate or love these versions of Windows, it is completely imperative that you keep them upgraded with the latest patches. After all, you don’t want to be a victim of Wanna Cry, do you?
This is the ever-infamous Ransomware Attack that took hold of millions of computers worldwide which took advantage of a blaring weakness in the Windows Operating System, even after Microsoft had claimed that it had fixed the problem by providing the necessary updates and patches.
My thoughts on this?
I really can’t speak for the top 20 list just described, but from own personal experience, I think I know why people simply just don’t want to upgrade their Windows 10 machines. The process is very long and cumbersome, and you never know when your computer is going to shut down to install that. One of the best examples I can give are those of both my work and personal laptops.
With the former, it took literally 6 solid hours for the update process to be completed. With the latter, there have been many times I have flipped it open to start working on a writing project, and the screen shows the following: “Getting ready to install Windows Updates…do not turn off your computer”. I have had this process go on for two hours or more at times.
Then, there are those times that you need to shut down your laptop for a period of time, but you can’t, because Windows 10 wants to do its crazy updates. The whole thing is so frustrating and infuriating, you just feel like throwing your laptop out of the window (I haven’t come to that point yet).
Another interesting point brought out by the report which never occurred to me is that people in general tend replace their wireless devices more often (almost every two years) than with their ow computer (the average age of the computer of which most people use is six years old). This is another reason why the software apps on the computers are not upgraded when need to be.
The end user is probably thinking that this yet another nuisance, and they will worry about it when they just purchase a brand-new machine. Probably the easiest way to keep track of the software upgrades you need is to keep an inventory of all of the applications that are installed on your computer.
Determine the vendor of each one, go to their website, and see if you can set up a text or E-Mail based alert system of the latest patches that you need to download.
Note that this includes all applications, even the ones that you don’t use on a frequent basis. They key thing to remember is that everything is at risk!!!
It is also important to remember that even the respective software application patches are released, there will still probably be some bugs in them as well (Windows is the most notorious for this). So yes, you also need to keep your eye for patches to keep the existing patches updated as well.
Even after doing all of this, there is still no guarantee that you won’t get hacked into. But keep in mind that if a Cyberattacker sees a well-fortified machine, they will likely skip that and move onto the next target. After all, they don’t want to waste time on one, when there are billions of other targets that they could go after.