Security News > 2021 > February > U.S. Gov Warning on Water Supply Hack: Get Rid of Windows 7
On the heels of last week's lye-poisoning attack against a small water plant in Florida, the U.S. government's cybersecurity agency is pleading with critical infrastructure defenders to rip-and-replace Windows 7 from their networks as a matter of urgency.
The government's latest appeal, issued via a joint advisory from the Cybersecurity and Infrastructure Security Agency, comes amidst reports that the remote hack of the water plant near Tampa Bay was being blamed on poor password hygiene and attacks on systems running Microsoft's out-of-service Windows 7 operating system.
In addition to running Windows 7 on computers at the plant, all devices used the same password for remote access.
Microsoft ended support for Windows 7 more than a year ago but, as cybersecurity experts warn on a nonstop basis, the plants and factories that run critical infrastructure are very slow to migrate to newer operating systems.
The ESU is a per-device plan available for Windows 7 Professional and Enterprise versions, with an increasing price the longer a customer continues use.
"Continued use of Windows 7 increases the risk of cyber actor exploitation of a computer system. Cyber actors continue to find entry points into legacy Windows operating systems and leverage Remote Desktop Protocol exploits," the agency warned.