With the end of XP support now less than two weeks away, it is not predicted that attackers will hold on to exploits.
Stephen Bonner, partner in the information protection and business resilience at KPMG, said that if he were an attacker with a zero-day for XP, he would launch it now. “I don’t believe that attackers have long term economic thinking, and would retain a valuable attack. If you are an organised criminal, and have a way to make money, I doubt they are thinking “this might make us more money in six months time”. If they have a vulnerability, then they would use it to send spam and steal details,” he said.
“If you think about quarterly reporting for publicly listed companies, I imagine organised crime gangs want money now, so I just don’t buy them sitting on exploits. Equally, if you are a rational thinker, you are not going to use it next week when everyone is paying attention; that is the worst time to exploit it. My thinking would be nothing will happen in the short term.”
Bonner predicted that the long term will see flaws exploited as organised crime focus on the best return, so the biggest footprint in the market is where they focus their effort if you break in. As XP becomes less and less popular it will reach a steady state, but there will still be flaws and we will still find ways to fix them.”
Ken Westin, security researcher at Tripwire, predicted that the end of Windows XP support will be “a boom for malicious hackers who will have an arsenal of saved unreleased vulnerabilities at their disposal”.
Speaking to IT Security Guru, Christopher Boyd, malware researcher at Malwarebytes, said: “I tend to think someone with an exploit would use it sooner rather than later – you could wait six months until interest has passed to another OS, but the whole time you’re waiting the userbase will surely be slowly migrating elsewhere as word gets around that XP is now officially dead.
“Many of the exploits which may target XP in future could be reliant on software vulnerabilities. If our theoretical attacker has a zero day similar to the recent Adobe Flash exploit which targeted XP, it wouldn’t do them any good to deploy it months after said software company had already put an emergency update out so time is of the essence.”