The biggest cyber threats governments and businesses face may not be the cutting edge hack from China, but a 10-year-old virus that infects a little-used computer.

Some of the most well-known viruses from the past decade are still infecting machines despite their well-documented nature, according to cyber research firms. Some viruses, such as WannaCry and Conficker, are still spreading, Sean Sullivan, a security adviser at F-Secure told Fifth Domain.

“It costs hackers nothing to keep using them,” Sullivan said.

These known vulnerabilities are still effective because older machines do not receive patches for updates, which can then infect an entire network. Hackers often bundle known hacks together because it increases their success rate with no downside, Sullivan said.

“Nothing is going to be 100 percent patched across organizations,” Sullivan, said. He described a network administrator’s role as “triage.”

The 2017 WannaCry hack infected users in more than 150 countries and had an economic impact of anywhere from $4 billion to $8 billion. Although progress has been made to patch computers, WannaCry is still a top malware threat for customers, F-Stream said in a September report.

The Conficker hack targeted Windows systems and was first launched in 2008. It is reported to have cost as much as $9 billion in damage.

But much work remains. More than two-billion devices have not been patched to defend against BlueBorne, a Bluetooth vulnerability that allows an attacker to take over devices, according to the cyber protection company Armis. The devices are still vulnerable because they have not been updated or because an update does not exist, according to the company.

“Whether they’re brought in by employees and contractors, or by guests using enterprise networks for temporary connectivity, these devices can expose enterprises to significant risks,” wrote Ben Seri, the vice president of research at Armis.

A previous version of this article said that two million devices have not been patched to defend against BlueBorne. It is two billion.

Justin Lynch is the Associate Editor at Fifth Domain. He has written for the New Yorker, the Associated Press, Foreign Policy, the Atlantic, and others. Follow him on Twitter @just1nlynch.

Share:
More In Cyber