Lucky News -- June 30th, 2023

Windows 10 EoL approaching, do you have a plan for 11? More Cloud Outages and MOVEit Data Breach

Are you staying up to date?

Did you know that Windows 10 21H2 went out of support this month? That means you need to be on Windows 10 22H2 or on Windows 11 to be considered under support. Ok, John, sure, but is it really that big of a deal to be running on an out-of-support OS? The short answer is yes. When you are running on an operating system that is out of support, there are many increased security risks. If you need support, it is also very likely that you will be forced to upgrade before getting it. The next two are probably the biggest: you are putting yourself and your company out of compliance with your Cyber Security Insurance, and if your business is under any IT regulations, you are not compliant with those either. You will want to review what being out of compliance means in your exact situation to know the full extent of your exposure. So the short answer is: make sure you are staying up with all of your updates.

Do you have a plan to move to Windows 11?

It is hard to believe, but coming up shortly (October) Windows 11 will be 2 years old. As the 2-year anniversary approaches, it is time to start thinking about your transition plans, especially since Windows 10 22H2 was the last major version of Windows 10 to be released. This means that Windows 10 will go end of life in October of 2025. Our recommendation is to start putting together your transition plan now so that you can get your devices moved over to Windows 11. Getting this plan in place now is especially important because Windows 11 has some specific hardware requirements that may mean you need to replace or upgrade your current computers.

More Cloud Outages

On June 13th, Amazon Web Services (AWS) had a major outage that took down many other services, including some point-of-sale and online ordering systems. While the outage only lasted for a few hours, it quickly became clear how dependent we are on our ‘App’/Web-driven world. One podcaster that I listen to frequently complained that they were unable to place their kids’ McDonald’s order ahead and had to wait in the drive-thru. Microsoft’s 365 environment has also had additional outages. On Tuesday (June 27th), users of Outlook on the Web (https://outlook.office.com) were having issues accessing the service. This outage lasted the better part of the working day for users on the East Coast but did not seem to impact users of the desktop and mobile apps. Then the next day, Wednesday (June 28th), Microsoft Teams had an outage; service was restored much more quickly this time, however.

MOVEit Data Breach

A series of vulnerabilities in an enterprise application called ‘MOVEit’ was exploited by the Russia-linked ransomware gang known as Cl0p. The list of companies (140+) and data that was compromised continues to grow, and there are also reports that this exploit has been utilized by the bad actors as far back as 2021. MOVEit software is used by many large organizations, government agencies, and school systems for secure file transfer and automation. Recent reports have listed two of the big professional services firms, PwC and Ernst & Young LLP. So far only 10 companies have reported numbers of users impacted, and we are already at roughly 16 million individuals’ personal data being impacted. Cl0p continues to post names of breached organizations and is making ransom demands in exchange for not leaking the data. The parent company of MOVEit software, Progress Software, had released a patch at the end of May, but the bad actors had already been in the environments and were actively exploiting the vulnerability while organizations rushed to update their environments. Here is a link to Progress’s information on the vulnerability as well as a link to the CISA Advisory page.