As humans we naturally age, and so do information systems, software, techniques and their associated networks. This aging becomes a problem for organizations that neglect to dedicate enough resources to advancing their systems and keeping them up to date. It matters even more given the rapid pace at which new technologies and devices are added to the network. A sometimes overlooked and ever-increasing risk to an organization is end-of-life (EOL) systems and software. Once a system or piece of software reaches its designated EOL, patching and updating stop, so any remaining vulnerabilities and any newly discovered weaknesses stay in the system.
Organizations that use EOL systems and software, such as outdated operating systems (OS), are effectively accepting the high risks associated with them. In some cases this could be considered negligent behavior, because known vulnerabilities can easily expose confidential information during a breach. As a courtesy, some developers will issue notices about new exploits known to affect their earlier software or hardware. This is evidenced by the recent SonicWall announcement that its EOL software and firmware systems, the Secure Mobile Access (SMA) 100 and Secure Remote Access products running unpatched and EOL 8.x software, are vulnerable to a ransomware attack. SonicWall is requesting that any clients using these products unplug them from the network immediately and reset all passwords (Greig, 2021).
Running EOL products in a production environment is tantamount to running through a minefield and hoping you don’t hit anything. EOL products generally carry known vulnerabilities, and these systems are some of the low-hanging fruit that attackers will target. In some cases, even freely available automated software can be used to breach a system that runs on old systems and technology. The costs of litigation, remediation, and revenue loss alone should scare any technology manager and business leader into ensuring that the necessary funds and processes are in place to keep systems and software up to date.
Moral of the story: Don’t run old software and networks; they will be a very easy attack vector for any number of attackers.
References:
Greig, J. ‘SonicWall Releases Urgent Notice about ‘imminent’ Ransomware Targeting Firmware.’ 14 July 2021. ZDNet.
ABC Services. ‘The Risks of End-of-Life Technology.’ Accessed 18 July 2021. ABC Services (abcservices.com).