Tech Time Warp: Three times installing an update would have been a good idea
As Cybersecurity Awareness Month draws to a close, we turn our attention to a frequently overlooked but simple way to stay safe online: installing security updates. Security updates tend to appear at inopportune times, and it’s easy to say, “I’ll do it later.” But “later” never comes. In this Tech Time Warp, you will see from these infamous moments in cybersecurity history that skipping security updates is a big mistake.
Santy worm (2004)
The malware equivalent of a lump of coal, 2004’s Santy worm targeted servers running online bulletin boards based on the free phpBB software. Santy used Google to find a viewtopic.php file, then exploited the file through a PHP vulnerability. Using a SQL injection, Santy overwrote files with the extensions .htm, .php, .asp, .shtm, .jsp and .phtm. It replaced them with the words “This site is defaced!!! This site is defaced!!! NeverEverNoSanity WebWorm generation.” Nearly 40,000 websites were affected. This means 40,000 site owners had not installed a security patch that would have prevented all this holiday fun. Interestingly, the Anti-Santy-Worm was a subsequent piece of malware. It infected sites to warn them about the need to install the security patch.
Blackworm virus (2006)
The Blackworm virus of 2006 is notable for its early identification by security experts and subsequent security patch. Still, nearly 1 million computers were infected, with disproportionate spread in the Middle East and South America. Those who had not heeded the early security warnings dealt with a payload that included disabled antivirus software and files that were replaced with a text string: “DATA Error [47 0F 94 93 F4 K5].”
Equifax data breach (2017)
If you were among the 147 million people affected by the 2017 Equifax data breach, you probably wish that an Equifax employee had followed their boss’ directive to apply an Apache Struts patch released March 7, 2017. (The saying “You had one job to do!” comes to mind.) The patch was not applied. The end result was a $425 million settlement with the Federal Trade Commission, the Consumer Financial Protection Bureau, and all U.S. states and territories.
Skipping a security patch might not cost you $425 million, but it has a high likelihood of causing you major headaches. Secure your world and install the updates now, not later.