Hongke Sharing|How can Windows systems that are no longer supported be protected from attacks? | Automatic Moving Target Defense

Legacy Microsoft operating systems (OS) are likely to be with us forever: OS usage statistics show that legacy versions still hold a combined market share above 10%. Against a total Windows installed base of 1.3 billion, that is roughly 150 million endpoints still running out-of-support versions of the operating system.

Hundreds of thousands of organizations have endpoints and servers running unsupported operating systems. If you work in manufacturing, finance, healthcare, or education, you are probably all too aware of the security problems these legacy systems pose.

A recent SANS Institute survey found that 54.3% of companies reported that one of their biggest security challenges is integrating legacy technologies with modern ICS and OT systems.

Risks of Legacy IT Systems

Many companies also struggle to remove legacy applications from their environments, and "if it ain't broke, don't fix it" thinking is part of the reason.

The fact that legacy environments keep working normally is the number one reason they remain in place. For a business decision-maker weighing the cost of migration, keeping an outdated system running for as long as possible can look like the sensible choice.

Unfortunately, the risk carried by legacy IT systems compounds over time, as the steady stream of vulnerabilities found in obsolete operating systems shows. For example, more than 43 CVEs were issued against Windows 7 in 2023, after it had already reached end of life, and 95 against Windows Server 2008. Unless the organization pays for Extended Security Updates, none of those is patched, so each remains exploitable indefinitely.

Older application versions, such as discontinued releases of Microsoft Office or custom line-of-business applications, widen the attack surface. They are a goldmine for threat actors: a vulnerability can be recycled into new campaigns long after it was first discovered. For example, a little-known Apache web server CVE from 2004 was later exploited for cryptomining. Hardware aspects of legacy systems, such as an unpatched BIOS, add to this risk.

Newer systems aren't perfect, but as a rule, the older the system or application, the easier it is to compromise.

Legacy IT Security Challenges

Legacy Windows systems were designed without the security architecture that EDR needs to observe operating-system and process activity. Specifically, older versions offer only limited Event Tracing for Windows (ETW) telemetry and lack the anti-exploitation features that modern versions take for granted, such as the Antimalware Scan Interface (AMSI), Control Flow Guard (CFG) and Arbitrary Code Guard (ACG).

This lack of visibility severely limits detection. On the prevention side, many EDRs rely on Microsoft Defender Antivirus for baseline protection, including Microsoft's signature- and machine-learning-based detection, threat intelligence and response capabilities. But the modern Defender Antivirus engine only shipped with Windows 10 in 2015, so an EDR running on a pre-2015 Windows system gets little of that baseline. From a computing standpoint, legacy systems also have operating-system design constraints that often prevent advanced endpoint protection platforms (EPP) and endpoint detection and response (EDR) agents from being deployed at all.

As a result, legacy systems are frequently protected only by basic, outdated antivirus (AV). That leaves organizations that rely on advanced EDR for their newer systems with a highly uneven attack surface.

To address these challenges, Morphisec held a webinar with Microsoft expert Adam Gordon of ITProTV. Topics covered:

  • Security risks of running legacy systems

  • Which is the bigger legacy challenge: endpoints or servers

  • Why migrating legacy endpoints to modern operating systems is so difficult

  • Why traditional EPP and EDR tools struggle to protect legacy systems

  • Practical advice for improving the security posture of legacy systems

Protect legacy IT systems with automated moving target defense

Legacy systems are typically low-bandwidth environments that lack both the operating-system architecture and the computing headroom to support scan-based security solutions such as next-generation antivirus (NGAV), EPP and EDR/XDR.

Morphisec's Automated Moving Target Defense (AMTD), however, protects legacy Windows and Linux systems against advanced attacks such as fileless attacks, in-memory attacks, ransomware and supply chain attacks. At 6MB the agent is light enough to run on a Raspberry Pi; it needs no signature updates, does not depend on the visibility features that legacy operating systems lack, and requires no internet connection, so it can also protect systems that are kept offline.

Morphisec's AMTD works by morphing the runtime memory environment: system assets are moved to unpredictable locations and decoys are left in their place.

Trusted system processes run unaffected, using the relocated assets and hidden from attackers, while any code that touches a decoy is trapped and captured for forensic analysis.
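The morph-and-decoy mechanism just described, as an added toy example in C (it is not Morphisec's code and says nothing about how the product is actually implemented): a table of function pointers stands in for the protected system assets, `morph_runtime` relocates it to an unpredictable slot and plants decoys at the old address, `trusted_call` is the legitimate path, and `stale_call` simulates an exploit that hard-coded the pre-morph address. All names, the four stand-in assets and the LCG slot selection are assumptions made for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/*
 * Toy illustration of moving-target defense (added example, not Morphisec's
 * code). A process keeps a table of function pointers, its "system assets",
 * at a well-known location. Morphing copies the real table to an
 * unpredictable address and leaves a decoy table at the old one. Trusted
 * code resolves assets through the updated pointer; code that hard-coded the
 * original address lands on a decoy, and the hit is logged for forensics.
 */

typedef int (*asset_fn)(int);

#define ASSET_COUNT 4

/* Stand-ins for protected system functionality (assumed for the example). */
static int asset_open(int x)  { return x + 1; }
static int asset_read(int x)  { return x * 2; }
static int asset_write(int x) { return x - 1; }
static int asset_exec(int x)  { return x * x; }

/* The well-known table: the address an attacker would bake into an exploit. */
static asset_fn g_known_table[ASSET_COUNT] = {
    asset_open, asset_read, asset_write, asset_exec
};

/* Pointer through which trusted code resolves assets; before morphing it
 * simply points at the well-known table. */
static asset_fn *g_live_table = g_known_table;

/* Forensic record of decoy hits. */
static struct { int hits; int last_index; int last_arg; } g_decoy_log;

/* One trap per slot so the log can say which asset the intruder reached for. */
#define DEFINE_TRAP(i)                                   \
    static int decoy_trap_##i(int arg) {                 \
        g_decoy_log.hits++;                              \
        g_decoy_log.last_index = (i);                    \
        g_decoy_log.last_arg = arg;                      \
        return -1; /* the real asset never executes */   \
    }
DEFINE_TRAP(0) DEFINE_TRAP(1) DEFINE_TRAP(2) DEFINE_TRAP(3)

static const asset_fn k_traps[ASSET_COUNT] = {
    decoy_trap_0, decoy_trap_1, decoy_trap_2, decoy_trap_3
};

/* Relocate the real table to a randomly chosen slot inside a fresh arena and
 * overwrite the well-known location with decoys. Returns 0 on success and
 * -1 on allocation failure. A second call is a no-op. */
int morph_runtime(unsigned seed)
{
    enum { SLOTS = 64 };
    if (g_live_table != g_known_table)
        return 0;                                   /* already morphed */

    asset_fn *arena = calloc((size_t)SLOTS * ASSET_COUNT, sizeof(asset_fn));
    if (arena == NULL)
        return -1;

    /* Slot selection: a toy LCG keeps the example deterministic for the
     * reader; a real agent would draw this from a CSPRNG. */
    unsigned slot = (seed * 1103515245u + 12345u) % SLOTS;
    asset_fn *moved = arena + (size_t)slot * ASSET_COUNT;

    memcpy(moved, g_known_table, sizeof(g_known_table));   /* move the assets   */
    memcpy(g_known_table, k_traps, sizeof(g_known_table)); /* leave decoys      */
    g_live_table = moved;                                  /* re-point trusted path */
    return 0;
}

/* Trusted code: always resolves through the live pointer. */
int trusted_call(int index, int arg)
{
    return g_live_table[index](arg);
}

/* Simulated exploit: uses the pre-morph address it learned earlier. */
int stale_call(int index, int arg)
{
    return g_known_table[index](arg);
}

int decoy_hits(void)       { return g_decoy_log.hits; }
int decoy_last_index(void) { return g_decoy_log.last_index; }

int main(void)
{
    int t = trusted_call(3, 5);
    int s = stale_call(3, 5);
    printf("before morph: trusted=%d stale=%d decoy hits=%d\n", t, s, decoy_hits());

    if (morph_runtime(0xC0FFEEu) != 0)
        return 1;

    t = trusted_call(3, 5);
    s = stale_call(3, 5);
    printf("after morph:  trusted=%d stale=%d decoy hits=%d (asset %d)\n",
           t, s, decoy_hits(), decoy_last_index());
    return 0;
}
```

Compile with `cc -Wall -o mtd mtd.c` and run. Before morphing, the trusted path and the hard-coded path return the same value; afterwards the trusted path still returns 25 for `asset_exec(5)`, while the stale path returns the trap's -1 and the log records which asset was targeted. The toy morphs from inside the already-running process; a real agent has to do this at process start, before any untrusted code can observe the layout, which is the part the toy deliberately skips.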

Gartner calls AMTD "...an emerging game-changing technology for improving cyber defense."

Hongke Intrusion Prevention Solution

Hongke Intrusion Prevention Solution, built on Morphisec's moving target defense technology, has proven the power of this approach. MTD-powered vulnerability prevention is deployed at more than 5,000 enterprises, protecting more than 8 million endpoints and servers from many of the most advanced attacks every day. Morphisec currently blocks 15,000 to 30,000 ransomware, malware and fileless attacks per day that NGAV, EDR solutions and endpoint protection platforms (EPP) fail to detect and/or block (see Morphisec customer success stories, Gartner Peer Insights reviews and PeerSpot reviews). Attacks blocked on day zero where other NGAV and EDR solutions failed to prevent them include, but are not limited to:

  • Ransomware (e.g., Conti, DarkSide, LockBit)

  • Backdoors (e.g., Cobalt Strike and other in-memory beacons)

  • Supply chain (e.g., CCleaner, ASUS, Kaseya payloads, iTunes)

  • Malware downloaders (e.g., Emotet, QBot (Qakbot), TrickBot, IcedID)

Hongke's Morphisec offering covers critical applications as well as Windows and Linux on-premises and cloud servers, with an agent of around 2MB for rapid deployment.


Source: blog.csdn.net/HongkeTraining/article/details/130402975