Windows XP’s source code has leaked. Though source code for Windows Server 2003 is reported to have been included in the leak as well, the Windows XP source code is the main object of concern because of how widely it is still used as a legacy system. Windows XP is one of the two most common OT operating systems (tied with Windows 7), which makes this leak a game changer for the future of OT security. If at all possible, now is the time to move to an uncompromised OS.
While vulnerability hunters have previously been limited to ‘black box’ hacking (penetration testing and reverse engineering) on Windows XP, this leak will allow for ‘white box’ hacking, where the search for exploitable flaws is conducted with total knowledge of the OS internals. New vulnerabilities and exploits for legacy systems will, from here on out, be much easier to locate, making good hygiene for cyber-physical systems more important than ever.
Network-based security measures such as network segmentation can make it much more difficult to reach assets running legacy systems in the first place. However, even this kind of network architecture is not completely bulletproof: intruders may still be able to interact with your systems, either by working their way through the maze of the network or through direct physical access (typically in the case of careless insiders).
With the operating system’s full source code open to hackers, it’s difficult to predict what emergent vulnerabilities might allow intruders to accomplish. This leaves signature-based solutions, dependent on the constant vigilance of signature researchers, as a crucial defense against the threats to come. Our team of signature researchers at TXOne Networks works 24/7 to gather information about the development, progress, and activity of IoT and ICS threats.
Signature research requires a meticulous understanding of all current and relevant information, and signature researchers use this intel to create unique fingerprints that identify threat activity – signatures. For this reason, signature researchers are often heavily focused on in-depth vulnerability knowledge. These signatures are then used to classify and identify threats so that signature-based defenses, like the virtual patching offered by EdgeIPS and EdgeFire, can protect against them.