Australian technology security firm Pure Hacking has warned that hackers have malicious Windows XP attacks ready to deploy and are merely waiting for 8 April to target vulnerable computers.
"Hackers are just sitting on vulnerabilities because they know problems won't be fixed after the [end-of-life] deadline," chief technology officer at Pure Hacking Gordon Maddern told CRN. "There will be a flood of problems for XP as soon as April 8 arrives."
Even for SMBs tight on resources, Maddern said it is far less effort to move off Windows XP than mop up problems after an attack.
"Any computer on XP is a sitting duck," said Maddern. "It just takes one compromised machine sitting in a Windows domain to bring down the whole system."
Maddern also said that the vulnerability of point-of-sale devices and ATMs is a serious concern.
"Most ATMs are running XP and they certainly haven't upgraded," he said. The caution comes on top of a recent report of ATMs running Windows XP allowing scammers to steal cash via SMS.
Last month Symantec said in a white paper that the lack of security patches after the deadline will "inevitably place POS operators under increased risk of a successful attack" and that "POS operators should have mitigation plans in place to meet these coming deadlines".
Australia has abandoned Windows XP faster than the rest of the world according to some reports. According to Symantec, the support period has been extended to 12 January 2016 for devices running Windows XP Embedded.
Aside from moving off Windows XP, Pure Hacking advised customers to:
- Segregate XP computers to its own network or zone to contain any security breaches
- Apply whitelisting on XP machines to only allow trusted software to execute
- Disable all unnecessary programs and settings on XP