Windows 11 will be available to download on October 5th. This is exciting news for those who have been waiting to upgrade and enjoy all of Microsoft’s latest features, but it also means we’ll need plenty of patience while developers make their programs compatible before then!
There will be a free upgrade for eligible Windows 10 devices, and Windows 11 will come pre-loaded on new computers. This is why we must talk about security, and specifically Windows 11 malware.
What Windows 11 security threats were there before launch?
Okay, let’s say that Windows 11 doesn’t have any malware. But.
Cybercriminals are looking to make a profit from the growing interest in Windows 11. I’ve written previously about threats such as malware hiding within Windows 11 installer downloads, and now another malware campaign has been spotted in the wild.
The malware campaign in question uses infected Word documents that are made to look like they were created on Windows 11 Alpha. They claim users must clickety-click to unlock them.
“In this instance, Windows 11 is a topic of interest and users may choose the links,” Saumitra Das, co-founder of Blue Hexagon, said. “Either because they are curious what a Windows 11 file looks like, or it may appear plausible that they haven’t upgraded and need to do something in order to open this document.”
Who is FIN7?
The criminal group responsible for the Windows 11 Alpha malware campaign is FIN7, also known as Carbanak. According to Cyjax threat analysts, FIN7 is the most established cybercriminal group in existence today.
The threat intelligence indicates that “it first appeared in 2013” and “has since successfully infiltrated Russian banks and Ukrainian banks,” “as well as retail firms and hospitality organisations in Europe, the US and Japan, making millions of dollars in this process.”
Cyjax intelligence suggests that FIN7 threat agents have been “connected to a REvil (Sodinokibi) affiliate too, and ransomware attacks also follow it scanning point-of-sale (PoS) systems.”
Windows 11 feels the cybercriminal heat.
“Windows 11 will be hot in cybercriminal land, and the topic proved to be a great hook to scoop up many victims,” Ian Thornton-Trump, the chief information security officer at Cyjax, told me.
Thornton-Trump says an attack technique like malicious macros in Microsoft Office documents, which have been around for over a decade, is still an effective end-point attack.
He says, “Apparently, security for many organizations has not moved that far down.” This activity is likely to increase between now and the launch and well into 2022, so be alert.
Is there any Windows 11-specific malware?
Cyjax CEO Kevin McMahon is clear that Windows 11 has been a target of cybercriminals. He says, “No doubt Microsoft has built a new army to protect against malware within the new operating systems but there are smarter people working against them.” McMahon says, “It’s only going to be a matter of time,” as it was with Windows 10 a few years ago.
Unfortunately, Windows 11 malware is almost a certainty.
The Windows 11 TPM great kerfuffle
Microsoft has been at pains to emphasize security by design as part of the Windows 11 package.
The malware threat has received much less attention. TPM protection does not always protect against a threat, Corey Nachreiner, chief security officer at WatchGuard Technologies, said back in July. Nachreiner said that while it increases a device’s security, malware attacks can still be successfully carried out on TPM-protected systems.
Different types of Windows 11 Malware
Spyware: Malware used to keep an eye on a person’s computer activity without their knowledge.
Ransomware: Ransomware is designed so that when it gets in, data files are encrypted and held hostage with threats of being deleted unless specific demands are met — usually payment in the cryptocurrency bitcoin.
Adware: Programs designed to display advertising material such as popup and full-page ads.
Trojans: Malicious software disguised as or embedded in legitimate software which appears useful but contains destructive features.
Viruses: The word virus has become a catchall term for any unwanted program that will run on your computer without your explicit permission.
Windows 11 is a malware magnet, among other concerns that deserve careful discussion before it is installed on a server.
“It’s important to note that even if Windows 10 incorporates protections against exploitation, it still offers a wider attack surface than previous versions of the operating system,” says McMahon, “due to the large number of remotely accessible features like Cortana and the universal app platform.”
“Windows 11 will be proved to be vulnerable.”
Thornton-Trump states that Windows 11, like all Microsoft operating systems, will be the “most secure” ever created, just like Windows 10 and Windows 7. He concludes that Windows 11 will be exposed just like Windows 10 or Windows 7. “Windows 11 shares a lot (and even older versions) of its codebase with its parent OSes, so it will be attacked and most likely exploited.”