We update monthly on Patch Tuesday, install firewalls, anti-virus and anti-spyware, and always coach users to use complex, secure passwords. But apparently it is still not enough. A recent poll of 300 hackers conducted at Black Hat finds that the Windows OS is still a very hot target for attack. Those who answered the survey were a combination of white hat, gray hat and black hat hackers.
Nearly 50 percent of those surveyed said they had compromised Windows-based systems more than any other within the past year. Most said they infiltrated Windows 10 most frequently, followed by Windows 8. Microsoft says Windows 10 has been deployed on 700 million devices since its launch in 2015.
Microsoft has prioritized security in recent years and recently noted that it will continue to invest over $1 billion a year in cybersecurity and research to further enhance the defenses of its products. But clearly, Windows is still seen as a sitting duck for hackers seeking a quick win. Why is that?
“With more than 80 percent of the desktop OS market share, it is no surprise that Windows is a hot target for hackers,” said Michael Maltsev, a security researcher at Reason Software Company. “Microsoft is well aware of this, and constantly works on mitigations for known attacks. For example, Windows 10 introduces security features such as KCFG (Kernel Control Flow Guard), ACG (Arbitrary Code Guard), HyperGuard, ASR (Attack Surface Reduction) and WDEG (Exploit Protection). Even though not all mitigations are enabled by default due to compatibility reasons, we can see a trend where it’s more difficult for attackers to exploit the system, and more attackers are relying on social engineering for the job.”
Windows Security Has Improved, But So Have Hacker Techniques
To its credit, Microsoft has included enhancements and improvements in each new Windows OS, and they have paid off with better security in each release. But there will always be the age-old problem of user error.