Tag Archives: cyber security news

LAW ENFORCEMENT AGENCIES ACROSS THE EU PREPARE FOR MAJOR CROSS-BORDER CYBER-ATTACKS

The possibility of a large-scale cyber-attack having serious repercussions in the physical world and crippling an entire sector or society is no longer unthinkable. To prepare for major cross-border cyber-attacks, an EU Law Enforcement Emergency Response Protocol has been adopted by the Council of the European Union. The Protocol gives a central role to Europol’s European Cybercrime Centre (EC3) and is part of the EU Blueprint for Coordinated Response to Large-Scale Cross-Border Cybersecurity Incidents and Crises. It serves as a tool to support the EU law enforcement authorities in providing immediate response to major cross-border cyber-attacks through rapid assessment, the secure and timely sharing of critical information and effective coordination of the international aspects of their investigations.

In 2017, the unprecedented WannaCry and NotPetya cyber-attacks underlined the extent to which incident-driven and reactive responses were insufficient to address rapidly evolving cybercriminal modus operandi effectively.

The EU Law Enforcement Emergency Response Protocol determines the procedures, roles and responsibilities of key players both within the EU and beyond; secure communication channels and 24/7 contact points for the exchange of critical information; as well as the overall coordination and de-confliction mechanism. It strives to complement the existing EU crisis management mechanisms by streamlining transnational activities and facilitating collaboration with the relevant EU and international players, making full use of Europol’s resources. It further facilitates the collaboration with the network and information security community and relevant private sector partners.

Only cyber security events of a malicious and suspected criminal nature fall within the scope of this Protocol; it will not cover incidents or crises caused by a natural disaster, man-made error or system failure. Therefore, in order to establish the criminal nature of the attack, it is fundamental that the first responders perform all required measures in a way to preserve the electronic evidence that could be found within the IT systems affected by the attack, which are essential for any criminal investigation or judicial procedure.

MULTI-STAKEHOLDER PROCESS

The protocol is a multi-stakeholder process and entails in total seven possible core stages from the early detection and the threat classification to the closure of the Emergency Response Protocol.

“It is of critical importance that we increase cyber preparedness in order to protect the EU and its citizens from large scale cyber-attacks”, Wil van Gemert, Deputy Executive Director of Operations at Europol, said. “Law enforcement plays a vital role in the emergency response to reduce the number of victims affected and to preserve the necessary evidence to bring to justice the ones who are responsible for the attack.”

IT Act Amendment Bill to be tabled in ongoing winter session of Parliament

With social media gaining prominence, the Union Ministry of Electronics and IT has made amendments to Information Technology (IT) Act 2000, which is likely to be introduced in the ongoing winter session of Parliament.

A Cabinet note has been readied by the ministry. The note has already received a legal vetting from the law ministry, a senior government official told DNA Money. The Cabinet note is expected to come up for approval next week.

The Information Technology (Amendment) Bill, 2018, has already been listed in one of the upcoming Bills for consideration in the winter session.

The IT Act was last amended in 2008 and it’s been a decade since then. Technology has changed rapidly and with government’s thrust on digital India, cyber safety and data protection, there was a dire need of changes in the Act, the official said.

The current IT Act is thoroughly outdated legislation. The last amendments were made in 2008, but they were too few and did not address all issues. The amendments may include a framework for strengthening cyber security standards.

However, plans to introduce the data protection Bill in this session have been postponed.

The ministry had as many as 650 responses so far to the draft version of the data protection Bill submitted by Justice BN Srikrishna Committee in July this year. The Srikrishna committee had recommended storing one copy of all personal data in India, while critical information can be stored only locally.

However, the definition of ‘critical personal data’ has been left for the government to decide. It was open for public comments, but the inter-ministerial consultations are yet to be completed. The draft Bill suggested measures for safeguarding personal information, defined obligations of data processors as well as rights of individuals, and proposed penalties for violation.

Minister for IT and Electronics Ravi Shankar Prasad had earlier said digital medium has to be safe and secure to ensure equitable spread of benefits. India’s digital inclusion initiative is already being acknowledged globally. In less than five years, the government has made 307 government services available on the Umang platform and efforts are on to bring all central and state services on it.

HOW DISRUPTIVE TECHNOLOGIES ARE TRANSFORMING THE CYBER SECURITY LANDSCAPE

In this digitally savvy world, what could be the most daunting nightmare of a technophile? Cyber-crime, evidently! Online privacy violations and data breaches can push a tech geek to a nervous breakdown. And the way to ride out this issue is efficient cyber security, for sure! The nexus of techniques and tools to protect computer networks, programs, and data from illegitimate access or attacks is termed cyber security.

With an influx of prevailing disruptive technologies such as artificial intelligence (AI), machine learning, and IoT, cyber security has attained yet another height of confidence in digital space. Rather than being a damage controller, it has become a prioritized commercial investment for a number of businesses. Organizations dealing in IT technologies in any form are enforcing artificial intelligence in the very security surface for enriched outcomes.

Observing the recent developments in AI, we can say that it can bring something great to the table. The technology has driven smart autonomous security systems that are able to learn by themselves. With machine learning and suitable AI software, drawing parallels across big data has become simpler. In fact, AI algorithms are valuable for recognizing deviations from regular patterns. The combination of cyber security and AI provides a path to creating a baseline of what is normal and spotting what is going wrong with the pattern. Other than this, AI with its supervised algorithms is capable of detecting the threats on which it has been trained.

Advancements of such technologies in reference to global cyber security trends have played the role of market drivers as well.

Some of the major market players who have leveraged AI/ML for cyber defense are contributing significantly to the global plethora of cyber security. These tycoons are definitely setting the cyber security market stats to new bars. A recent report projects the cyber security market to be around $245 billion by 2023 globally.

In the next couple of years, the market size of cyber security is expected to show a positive acceleration in India as well. The country is amongst the fastest growing regions for cyber companies and technologies, which attracts hefty investment overall. India is undoubtedly well-geared to take possible measures for securing networks across cyber space.

Widening the lens, if we look at region-wise shielding against cyber-attacks, the US, followed by Israel and Russia, leads the drive for network security. The urge to survive in the rush of cyber-crimes has prepared these countries in the best way possible to discover and protect against cyber threats. Canada, UK, Malaysia, China, France, Sweden, and Estonia are stationed next to them in curbing malware infections.

Cyber risk poses a serious threat to a nation, affecting government, economic, organizational and citizens’ affairs. Enterprises across the globe are emerging as countermeasure sheriffs for cyber-attacks. Given the certainty of network threats, cyber security is no longer a national affair; rather, it has emerged as an international concern where every commercial, non-commercial, governmental or non-governmental entity needs to adopt disruptive technologies to counter malicious activity.

DLL Hijacking attacks: What is it and how to stay protected?

  • DLL Hijacking attacks are broadly categorized into three types – DLL search order attack, DLL side-loading attack, and Phantom DLL Hijacking attack.
  • For DLL hijacking attack to be successful, it would require an attacker to trick victims to open a file using a vulnerable application from a remote network location.

DLL Hijacking is an attack vector that could allow attackers to exploit the way Windows applications search for and load Dynamic Link Libraries (DLLs). If an application is vulnerable to DLL Hijacking, attackers can place malicious DLLs in the PATH or another location that is searched by the application and have them executed by the application.

Types of DLL Hijacking attacks

DLL Hijacking attacks are broadly categorized into three types:

  • DLL search order attack
  • DLL side-loading attack
  • Phantom DLL Hijacking attack

DLL search order attack – When an application asks for a DLL by name without a full path, Windows searches a set of directories in a specific order. In a DLL search order attack, a malicious DLL is placed in a directory that is searched before the legitimate one, and the executable will load it.

DLL side-loading attack – A DLL side-loading attack leverages the WinSxS directory.

Phantom DLL Hijacking – A Phantom DLL Hijacking attack targets very old DLLs that applications still attempt to load. Attackers give the malicious DLL that name and place it in the search path, and the malicious code will be executed.

How does it work?

For DLL hijacking attack to be successful, it would require an attacker to trick victims to open a file using a vulnerable application from a remote network location. If the vulnerable application tries to load an external DLL from the same location, the attack will most likely be successful.

Examples of DLL Hijacking

Example 1 – Farseer malware employs DLL sideloading technique

The Unit 42 research team recently uncovered a new malware dubbed Farseer that targets the Microsoft Windows operating system. Farseer malware leverages the ‘DLL sideloading’ technique to drop legitimate, signed binaries to the host. The malware uses ‘DLL sideloading’ to evade detection from antivirus software.

Example 2 – KerrDown distributed via DLL side-loading

Researchers recently spotted a custom downloader ‘KerrDown’ which is used by the OceanLotus threat actor group to infect victims with payloads such as Cobalt Strike Beacon.

OceanLotus was responsible for multiple attack campaigns against private sectors across multiple industries, foreign governments, activists, and dissidents connected to Vietnam.

OceanLotus threat actors leveraged two methods to deliver the ‘KerrDown’ downloader to the victims:

  • Microsoft Office document with malicious macro, and
  • RAR archive which contains a legitimate program with DLL side-loading.

How to stay protected?

  • Researchers recommend enabling SafeDllSearchMode to prevent attackers from exploiting the search path.
  • It is also recommended to ensure that only signed DLLs are loaded for most system processes and applications.
  • In order to avoid DLL Hijacking, it is best to write secure code that loads DLLs from a specified path only.
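
The effect of the first and third recommendations can be seen in a simplified model of the documented Windows desktop search order. This is an added example, not code from the original article; the directory layout and the DLL names `codec.dll` and `legacyhelp.dll` are constructed, and the model ignores KnownDLLs, already-loaded modules and manifest redirection.

```python
import os
import tempfile


def search_order(app_dir, system_dir, windows_dir, cwd, path_dirs, safe_mode=True):
    """Directories searched, in order, for a DLL requested by bare name.

    With SafeDllSearchMode enabled the current directory is searched after
    the system directories; with it disabled it comes right after the
    application directory.
    """
    system16 = os.path.join(windows_dir, "System")  # 16-bit system directory
    if safe_mode:
        head = [app_dir, system_dir, system16, windows_dir, cwd]
    else:
        head = [app_dir, cwd, system_dir, system16, windows_dir]
    return head + list(path_dirs)


def resolve(dll_name, order):
    """Return the first existing candidate, as the loader would pick it."""
    for directory in order:
        candidate = os.path.join(directory, dll_name)
        if os.path.isfile(candidate):
            return candidate
    return None


def audit(dll_name, order, trusted_dirs):
    """Classify where a bare-name load would end up."""
    hit = resolve(dll_name, order)
    if hit is None:
        return "not found", None
    status = "trusted" if os.path.dirname(hit) in trusted_dirs else "UNTRUSTED"
    return status, hit


def load_from_fixed_dir(dll_name, directory):
    """Model of 'load from a specified path only': no search is performed."""
    candidate = os.path.join(directory, os.path.basename(dll_name))
    return candidate if os.path.isfile(candidate) else None


def build_layout(root):
    """Constructed file system: the current directory stands for a network
    share from which the victim opened a document."""
    layout = {
        "app": os.path.join(root, "Program Files", "Viewer"),
        "windows": os.path.join(root, "Windows"),
        "system": os.path.join(root, "Windows", "System32"),
        "cwd": os.path.join(root, "share", "docs"),
        "path": os.path.join(root, "Tools"),
    }
    for directory in layout.values():
        os.makedirs(directory, exist_ok=True)
    files = [
        (layout["system"], "codec.dll"),    # legitimate copy
        (layout["cwd"], "codec.dll"),       # planted copy next to the document
        (layout["cwd"], "legacyhelp.dll"),  # name that exists nowhere trusted
    ]
    for directory, name in files:
        open(os.path.join(directory, name), "wb").close()
    return layout


def run_demo():
    """Return {(safe_mode, dll): status} plus the fixed-path result."""
    results = {}
    with tempfile.TemporaryDirectory() as root:
        lay = build_layout(root)
        trusted = {lay["app"], lay["system"], lay["windows"]}
        for safe in (False, True):
            order = search_order(lay["app"], lay["system"], lay["windows"],
                                 lay["cwd"], [lay["path"]], safe_mode=safe)
            for name in ("codec.dll", "legacyhelp.dll"):
                results[(safe, name)] = audit(name, order, trusted)[0]
        fixed = load_from_fixed_dir("legacyhelp.dll", lay["system"])
        results[("fixed", "legacyhelp.dll")] = fixed is not None
    return results


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(key, "->", value)
```

In this model SafeDllSearchMode moves `codec.dll` back to the system copy, but a name that exists in no trusted directory still resolves from the current directory, which is why loading from a specified path is listed as a separate measure.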

Cybercriminals leverage ‘Fake CDC Flu’ warning to distribute GandCrab 5.2 ransomware

  • The attack begins with users receiving a fake CDC email.
  • In order to make it less suspicious, the email is distributed under the subject line of ‘Flu Pandemic Warning’.

The infamous GandCrab is back in a new phishing campaign. Here, the attackers are using a fake Center for Disease Control (CDC) warning to distribute the GandCrab 5.2 ransomware onto the victims’ systems.

How does it work – As per My Online Security, the attack begins with users receiving a fake CDC email. In order to make it less suspicious, the email is distributed under the subject line of ‘Flu Pandemic Warning’. However, a close look reveals that the email comes from a sender ‘Peter@eatpraynope[.]com’ which has nothing to do with the CDC.

“To confuse the issue even more the subject line was written in what looks like a mix of cyrillic & western characters & encoded in UTF8 format so a computer will automatically translate / decode it. When I first tried to post this, I got a garbled mess of characters in the url to this post where the Copy & pasting from the email picked up the utf8 format,” the researchers explained.

The email includes a malicious doc that appears to contain the instructions on how to prevent flu. When users click the doc, the GandCrab 5.2 is unleashed and gets installed on the computers.

“The Word doc attachment is almost empty with just an Urgent Notice Heading. The scumbags trying to compromise you are hoping that you will enable content & editing to enable the macros that let this run,” said researchers.

Encryption process – Once installed, the ransomware encrypts the victims’ files and leaves behind a warning note, asking for ransom.

“The C2 for this is a well known site ‘https[:]//www.kakaocorp.link/static/tmp/eshe[.]png’ where the ransomware posts encrypted / encoded details about the compromised computer,” read the report.

In order to stay safe, users are urged to ignore such emails and should not click on the link or malicious doc as it can infect the systems.
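
The two tells described above, a subject line that mixes Cyrillic and Western characters in UTF-8 encoding and a sender unrelated to the claimed organisation, can be checked mechanically at a mail gateway or during triage. This is an added example, not code from the original report; the sample message, the address `peter@sender.example` and the list of domains treated as legitimate are constructed assumptions.

```python
import unicodedata
from email import message_from_string
from email.header import Header, decode_header, make_header
from email.utils import parseaddr


def script_of(ch):
    """Coarse script label for a letter, taken from its Unicode name."""
    if not ch.isalpha():
        return None
    name = unicodedata.name(ch, "")
    for script in ("LATIN", "CYRILLIC", "GREEK"):
        if name.startswith(script):
            return script
    return "OTHER"


def mixed_script_words(text):
    """Words whose letters come from more than one script."""
    flagged = []
    for word in text.split():
        scripts = {script_of(c) for c in word} - {None}
        if len(scripts) > 1:
            flagged.append((word, sorted(scripts)))
    return flagged


def triage(raw_message, claimed_org_domains):
    """Decode the headers and report the phishing indicators found."""
    msg = message_from_string(raw_message)
    raw_subject = msg.get("Subject", "")
    # RFC 2047 encoded-words (=?utf-8?b?...?=) are decoded to real text first
    subject = str(make_header(decode_header(raw_subject)))
    _display, address = parseaddr(msg.get("From", ""))
    domain = address.rpartition("@")[2].lower()
    matches = any(domain == d or domain.endswith("." + d)
                  for d in claimed_org_domains)
    mixed = mixed_script_words(subject)
    findings = []
    if mixed:
        findings.append("subject mixes scripts inside a word")
    if not matches:
        findings.append("sender domain does not belong to claimed organisation")
    return {
        "subject": subject,
        "mixed_words": mixed,
        "sender_domain": domain,
        "domain_matches_claim": matches,
        "findings": findings,
    }


def constructed_sample():
    """Constructed message: U+0430 (Cyrillic 'a') replaces Latin 'a' twice."""
    subject = "Flu P\u0430ndemic W\u0430rning"
    encoded = Header(subject, "utf-8").encode()
    return ('From: "CDC" <peter@sender.example>\n'
            "To: user@corp.example\n"
            "Subject: " + encoded + "\n"
            "\n"
            "Please read the attached instructions.\n")


if __name__ == "__main__":
    report = triage(constructed_sample(), {"cdc.gov"})
    print(ascii(report["subject"]))
    for word, scripts in report["mixed_words"]:
        print(ascii(word), scripts)
    print(report["findings"])
```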

Attackers compromised Pakistani government website to deliver Scanbox Framework payload

  • Researchers detected a compromised Pakistani government website that delivers Scanbox Framework payload whenever anyone visits the site.
  • Trustwave notified the Pakistani government website about the infection, however, the site still remains compromised.

What is the issue – Researchers from Trustwave detected a compromised Pakistani government website that delivers Scanbox Framework payload whenever anyone visits the site.

Worth noting – The compromised Pakistani government website (tracking.dgip.gov[.]pk) is a subdomain of the Directorate General of Immigration & Passport of the Pakistani government that allows passport applicants to track the status of their application.

The big picture

  • Once the Scanbox framework is on the visitor’s system, it collects system information and keystroke logs.
  • Scanbox also attempts to detect whether the visitor has installed any of the 77 endpoint products such as security tools, decompression, and virtualization tools.

“Scanbox Framework is a reconnaissance framework that was first mentioned back in 2014 and has been linked over the years to several different APT groups. Its intense activity during the 2014-2015 years has been well-covered in a paper written by PwC. It was then seen again in 2017 suspected to be used by the Stone Panda APT group, and once more in 2018 in connection with LuckyMouse,” Trustwave researchers said in a blog.

Why it matters – due to the lack of detection for the compromised website by security products

  • Most of the Antivirus and security products failed to detect this compromised domain, however, Trustwave detected the compromised site on March 2, 2019.
  • On that day alone, Scanbox managed to gather information including credentials on at least 70 unique visitors.
  • The impacted visitors were primarily from Pakistan (80%), while other visitors were located in Saudi Arabia, the United States, China, Qatar, Germany, UK, South Korea, Netherlands, and India.
  • Trustwave notified the Pakistani government website about the infection, however, the site still remains compromised.

The bottom line – The Scanbox server currently appears inactive; however, the infection indicates that the attacker has some level of access to the compromised website.

“The Scanbox server currently appears inactive, but the infection indicates that the attack has some level of access to the site, and so it’s likely that the server could return to activity or be replaced with a different piece of malicious code at the attacker’s will,” researchers said.

India Lender Warns Of WhatsApp Scam That Steals Bank Details

According to a report in BGR, SBI said messages from WhatsApp and other social media platforms are tricking customers into sharing details of their accounts.

The hackers are tricking the users by first sending a message in an effort to get them to share a one-time password. Some of the WhatsApp messages had an embedded link that installs an app in the background, which is used to get the one-time password from the user’s phone. State Bank of India is allowing customers to get a refund if they report the issue within three business days, noted BGR.

The scam targeting SBI account holders isn’t the only way hackers have been going after consumers in India in recent weeks. In late February, a man was able to trick people out of $250,000 using fake cryptocurrency. According to reports at the time, Pritam Patil asked victims to invest in an initial coin offering of his KBC Coin, which was named after a popular game show in India. He told investors the coin would see a substantial rise. With the cash in hand, he shut down the business and told investors they wouldn’t get their money back.

The use of WhatsApp to target Indian consumers makes sense, given its wide popularity in the country. As of June, the messaging app, which also facilitates digital payments, had more than one million users on its platform.

Software maker Citrix hacked, business documents removed

Acting on a tip from the FBI, Citrix has investigated and confirmed that its network was penetrated and that data was exfiltrated by an outside force.

Neither the extent of nor the specifics of what has been removed has been determined, but in a statement Citrix said business documents have been accessed and downloaded by malicious actors. The FBI contacted Citrix on March 6 advising the company that the agency had reason to believe the company had been attacked. Citrix said it immediately hired an outside security firm to conduct an investigation which found the FBI was correct.

“The specific documents that may have been accessed, however, are currently unknown. At this time, there is no indication that the security of any Citrix product or service was compromised,” the company said.

The company has not released what kind of data was removed during the data breach.

The FBI told the company the attacker may have used a brute force attack to discover and exploit any weak passwords in Citrix’s systems. Once inside the attackers moved laterally through the network finding and removing files.

Citrix makes and touts the security of enterprise class Workspace as a Service software. In its About Us section the company states, “At Citrix, our mission is to power a world where people, organizations, and things are securely connected and accessible. A place where all business is digital business. A world where our customers are empowered to make the extraordinary possible. We will accomplish this by building the world’s best integrated technology services for secure delivery of apps and data – anytime, anywhere.”

Minnesota man admits to hacking government databases

  • A man from Minnesota, Cameron Thomas Crowley, admitted on March 7, 2019, that he hacked state government databases in 2017.
  • Crowley also admitted that he hacked databases belonging to the Minnesota government, a second university, and an unnamed school district.

What is the issue – A man from Minnesota, Cameron Thomas Crowley, admitted on March 7, 2019, that he hacked state government databases in 2017.

He disclosed that he hacked government databases as an act of retaliation after the vindication of an officer who shot Philando Castile during a 2016 traffic stop.

Why it matters – Crowley apologized in the US District Court for his actions which included one count of intentional unauthorized access. As a plea agreement, four other counts will be dismissed.

What data was involved – Crowley also admitted that he hacked databases belonging to the Minnesota government, a second university, and an unnamed school district and compromised information that included victims’ names, home and work addresses, telephone numbers, and password information.

“I would like to apologize publicly to the people who were affected by my actions. At the time, I thought what I was doing would draw attention to an injustice. But looking back, I realize that it hurt more people, and people who had nothing to do with the tragic death of Philando Castile” Crowley told the court, Security Week reported.

Worth noting – Crowley also apologized to the victims whose information was compromised.

He went on to apologize to Castile’s family, saying, “I now realize that while my actions may have drawn more attention to Mr. Castile’s death, it does not honor his memory to do things that are harmful to others in his name.”

The plea agreement stated that the estimated amount of loss is between $40,000 and $90,000, however, the amount Crowley will have to repay his victims will be decided by the judge. It is noted that Crowley will be sentenced on July 17.

End of the Line for Windows 7: Open Road for Hackers

Microsoft has been urging customers to upgrade from its Windows 7 operating system, while attempting to ease the transition with several options for extended support. It will stop providing routine fixes and security patches effective January 2020. Regular support for Windows Server 2008 also is scheduled to end at that time.

Windows 7 enterprise customers can subscribe to Extended Security Updates (ESU) to receive security fixes for uncovered or reported vulnerabilities in the OS. However, patches will be issued only in cases of threats rated “Critical” or “Important” by Microsoft.

Those are the two top rankings in Microsoft’s four-step scoring system, meaning that performance issues might not be addressed. Moreover, ESU will be available only in one-year increments, and for just three years. It will be sold on a per-device basis instead of the per-user basis that Microsoft has offered for Windows 10.

ESU will be available for US$25 to $50 per year per device, but the cost will double each year, so that by 2022, support for the aging Windows 7 OS will cost $100 or $200 per device. Customers who subscribe to Microsoft 365 Enterprise will be offered the lower-tier pricing.

Computers running Windows 7 account for 37.9 percent of PCs today, while Windows 10 accounts for 40.9 percent market share, according to data from Netmarketshare. On the business side of the market, Windows 10 accounts for more than 50 percent of the market.

Windows 7 was released in 2009 as a replacement for the unpopular Windows Vista, as well as 2001’s Windows XP.

Server Side

Microsoft also plans to end support for Windows Server 2008 and SQL Server applications early next year, and the company has been encouraging clients to migrate to Azure.

Unlike with Windows 7, no ESU is planned, leaving customers with limited options.

The end of Windows Server 2008 support is why nearly one-third of companies surveyed said that they were considering purchasing new server hardware, according to the recent Spiceworks 2019 State of Servers report.

“Windows 2008 Server is the most widely used server on the planet,” said Zohar Pinhasi, CEO of MonsterCloud, provider of managed cybersecurity services.

As a result, it could make a tempting target to hackers once support ends.

“A lot of organizations moved to Server 2012, but migration isn’t an easy task, and too often companies take the approach ‘if it ain’t broken don’t fix it,'” he told TechNewsWorld.

“Criminals are already aware that Microsoft will discontinue the support for the OS next year, and our research suggests they could be cooking up something big — like taking advantage of zero-day vulnerabilities,” Pinhasi added.

Ending 7

Windows 7 was released as a follow-up to the underwhelming Windows Vista. It received a warm reception, widely seen as offering the best features and functionality of Windows XP and Vista.

In 2012, however — just three years after the release of Windows 7 — Microsoft took the OS in a completely new direction with Windows 8, which offered what the company dubbed a “Modern User Interface” with touchscreen options.

The new interface, which also was meant to bridge tablets and PCs, failed to catch on. Microsoft then released Windows 10 in 2015. Whereas Windows 7 combined the best aspects of XP and Vista, Windows 10 offered the best of Windows 7 and 8/8.1.

Yet, perhaps because Windows 10 resembles Windows 7 so closely, users have been slow to adopt it. Nearly four years later, 10 has only just surpassed 7 in total users. Microsoft has had to support three operating systems, so it is no surprise that the company decided to pull the plug on the oldest.

“Windows 7 was introduced 10 years ago in 2009 — that is 70 dog years or Internet years — a human lifespan,” said Paul Teich, principal analyst at LiftrCloud.

“It had to happen sometime; Microsoft has extended Windows 7’s life a number of times,” noted Roger Kay, principal analyst at Endpoint Technologies Associates.

Out With the Old OS

What makes this transition difficult is that Windows 7 has done its job quite well, remaining a very stable operating system. Still, supporting multiple OSes is not only a drain on resources, but also is inconsistent with Microsoft’s new direction.

“Microsoft is committed to pushing everyone onto Windows 10, which is better adapted to a services revenue stream,” Kay told TechNewsWorld.

“In fact, there may never be another Windows,” he suggested. “The company will keep updating the Windows 10 code essentially indefinitely. Now, beta versions of new code get pushed out, bug reports come back, and the team patches whatever needs it.”

Hardware Improvements

In the past, a barrier to upgrading was the hardware that past versions of Windows ran on, and making a move from Windows 3.1 to Windows 95 almost certainly required that users purchase a new computer. The same trend continued with Windows 98, Windows Millennium, Windows XP and notably Windows Vista.

By the time Windows 7 came along, Moore’s Law of ever-faster processors seemed to slow down. More importantly, apart from some PC games, most software really didn’t require vastly improved hardware. That made the transition from Windows Vista to Windows 7 much easier, and even today an upgrade to a new OS isn’t really that much of a stretch.

“Windows 7 first shipped on 45nm Intel Core processors code-named ‘Yorkfield’ (desktop) and ‘Penryn’ (mobile), which both debuted in 2008,” explained LiftrCloud’s Teich.

“The 45nm Core i5 ‘Lynfield’ (desktop) processor was introduced at the same time as Windows 7, as was the 45nm Core i7 ‘Clarksfield’ (mobile) processor,” he told TechNewsWorld.

The “sweet spot” for Intel Core processors at the time was quad-core for both mobile and desktop, while the core clock frequency ranges for all of those processors started at 2.3 GHz and topped out above 3 GHz.

“A current generation Core i5 ‘Skylake’ desktop processor has a base frequency of 2.6 GHz to 3.6 GHz, and two dual-threaded cores running four threads is still a sweet spot,” added Teich.

Today Mobile Core i3 versions have base frequencies of 2.3 GHz to 3.6 GHz using two dual-threaded cores.

“In 10 years, we didn’t get faster clock speeds except at the very high end of Intel’s product lines,” said Teich. “AMD could not do any better, because physics is physics. We got some speed-ups due to architectural improvements, but really, Moore’s Law is dead, dead, dead.”

Old PC With New OS

The fact that we haven’t seen a great leap forward in hardware has meant that in most cases those older PCs could be upgraded — something Microsoft initially offered for free.

“Hardware-wise, any system that can run Windows 7 can run Windows 10,” said Kay.

“That part is easy, and I’ve upgraded a bunch of older systems,” he added.

Even though that window to upgrade Windows for free has closed, Kay said it isn’t really that difficult and still can be accomplished easily.

“The Windows 10 updater essentially looks for a valid Windows 7 or Windows 8 license, and off you go,” Kay explained.

“Windows 7 was designed to run well on whatever was running Windows Vista, so it didn’t require more compute power than was available several years before it shipped,” added Teich.

Moreover, Windows 10 was designed to run well on any PC that can run Windows 7, in order to appeal to both Windows 7 and Windows 8 upgrades.

“It wasn’t a hard goal, because Windows 10 focused on an easy-to-install and easy-to-update architecture, better security, and improving the user experience — none of which required more processor speed,” said Teich. “I have personally installed Windows 10 on at least four of my own Windows 7-era notebooks and self-built media PCs. All have performed well.”

Security Concerns

The biggest reason to upgrade from Windows 7 remains the security concern. Even with the ESU from Microsoft, users could be putting themselves at risk.

“It is already known that criminals are cooking up stuff in their labs,” warned MonsterCloud’s Pinhasi.

“Once they have those tools they can exploit the older versions of Windows to make billions from it,” he added.

Ransomware, such as the WannaCry cryptoworm, which targeted Windows machines in May 2017, could be unleashed after Microsoft’s support for Windows 7 ends.

That particular ransomware was propagated through EternalBlue, an exploit developed by the United States National Security Agency.

“The hackers dropped a package that was stolen from the NSA, and hackers could use something similar,” Pinhasi warned.

The best course of action isn’t to invest in the ESU from Microsoft, but to upgrade the OS and if necessary even the PC hardware.

“It’s time to move on; the demise of a loved operating system is hard, but inevitable,” said Roger Entner, principal analyst at Recon Analytics.

“Windows 7 stopped being the flagship Windows OS seven years ago, so it is time to upgrade, and a laptop for $179 at Best Buy runs Windows 10 and is probably more powerful than anything that was made in 2012,” he told TechNewsWorld.

“There is no reason that anyone running Windows 7 should stick with it, other than pure ornery stubbornness, and it’s not like you have to learn a new OS,” added Teich.

Of course, it isn’t just individual users who should heed these warnings.

“Companies really should get off Windows 7 as soon as they can,” warned Kay.

“Security attacks are getting more frequent, more sophisticated and more automated — and don’t imagine that just because you’re a small fish, they won’t come after you,” he explained. “Small firms are sometimes used as an attack vector against larger firms. And if companies need to turn over their PC base once every 10 years, that’s a good thing. Employees might even be more productive.”