Windows 10 End of Life: Critical Considerations for Your Business

As your Managed Service Provider (MSP), our priority is ensuring your IT environment remains secure, compliant, and operational. With Windows 10 approaching its End of Life (EoL), we are addressing significant challenges that impact your business. Microsoft will discontinue free support on October 14, 2025, with paid options extending to October 2026 and beyond. Below, we outline the implications, the risks of inaction, the costs involved, and the hardware obstacles posed by Windows 11—along with our strategy to maintain your business continuity.

October 2025: Termination of Free Security Updates

Microsoft will end free security updates, bug fixes, and technical support for Windows 10 on October 14, 2025. Provided your systems are updated to version 22H2, they will remain secure until this date. However, with only seven months remaining from this month (March 2025), preparation is urgent.

  • Our Approach: We are prepared to conduct a comprehensive audit of your devices to determine their readiness for Windows 11 and identify those requiring upgrades or replacement. Acting promptly ensures we avoid disruptions as the deadline nears.

October 2026: Extended Security Updates and Associated Costs

After October 2025, Windows 10 will no longer receive free updates, though Microsoft offers an Extended Security Updates (ESU) program for continued critical security patches—at a cost:

  • Business Pricing: The ESU begins at **$61 per device** for the first year (October 2025–October 2026), escalating to $122 for Year 2, and $244 for Year 3 (ending October 2028). Discounts may apply for cloud-managed devices or Windows 11 subscriptions.
  • Consumer Pricing: Individual devices can access one year of updates for $30 per device, extending support to October 2026, though further extensions remain unconfirmed.

This program provides security updates only, omitting new features or non-security fixes, making it a temporary measure rather than a sustainable solution.

Risks of Unpatched Systems

Post-October 2025—or October 2026 without ESU—unpatched Windows 10 systems pose significant risks:

  • Security Vulnerabilities: New exploits will go unaddressed, increasing exposure to malware, ransomware, and data breaches—threats that historically target unsupported operating systems.
  • Regulatory Non-Compliance: For industries such as healthcare or finance, outdated software may violate compliance standards, risking penalties or audits.
  • Application Support: Third-party software vendors will eventually cease Windows 10 compatibility, potentially disrupting critical business applications.

These risks threaten business continuity, as a security incident or software failure could lead to costly downtime, data loss, or reputational harm. Our objective is to mitigate these dangers proactively.

Windows 11 Hardware Requirements: A Shift from Legacy Systems

Upgrading to Windows 11 is the recommended long-term solution, but its stringent hardware requirements present challenges for older systems:

  • TPM 2.0: A Trusted Platform Module (version 2.0) is mandatory for security features like encryption. Many pre-2018 devices lack this, requiring hardware upgrades or replacement.
  • Processor Compatibility: Only 8th-generation Intel CPUs (or newer) and AMD Ryzen 2000 series (or newer) are supported, excluding older processors like 7th-gen Intel chips.
  • Memory and Storage: A minimum of 4 GB RAM and 64 GB storage is required, surpassing Windows 10’s lower thresholds and necessitating upgrades for some systems.
  • Secure Boot: This feature, reliant on UEFI firmware, is incompatible with older BIOS-based hardware.

For example, a 2016 system with an Intel Core i5-6500 and inadequate RAM may not qualify, often making replacement more economical than retrofitting. We are utilizing tools like Microsoft’s PC Health Check to assess your infrastructure accurately.
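As an added illustration of the kind of per-device audit described above (this is our own example script, not Microsoft's PC Health Check and not a Sophos tool), the following read-only PowerShell report checks one Windows 10 device against the requirements listed: 22H2 build, TPM 2.0, UEFI Secure Boot, the 4 GB / 64 GB minimums, and a CPU-generation heuristic. The registry path, CIM classes and cmdlets used are standard Windows ones; the CPU check only parses the processor's marketing name and is an approximation that must be confirmed against Microsoft's published processor lists before any purchase decision.

```powershell
# Added example: Windows 11 readiness report for the local device.
# Run from an elevated PowerShell prompt; it changes nothing on the system.
# The CPU generation check is a name-parsing heuristic, not Microsoft's list.

function Get-Win11Readiness {
    $result = [ordered]@{}

    # Windows 10 22H2 is the only release still receiving patches until October 2025.
    $cv = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
    $result.OsVersion = "$($cv.ProductName) $($cv.DisplayVersion) (build $($cv.CurrentBuild))"
    $result.Is22H2    = ($cv.DisplayVersion -eq '22H2')

    # TPM: SpecVersion reads like "2.0, 0, 1.38" on a TPM 2.0 device.
    $tpm = Get-CimInstance -Namespace root\cimv2\security\microsofttpm `
                           -ClassName Win32_Tpm -ErrorAction SilentlyContinue
    $result.TpmSpec = if ($tpm) { $tpm.SpecVersion } else { 'none' }
    $result.TpmOk   = [bool]$tpm -and ($tpm.SpecVersion -like '2.0*')

    # Secure Boot requires UEFI; Confirm-SecureBootUEFI throws on legacy BIOS firmware.
    try   { $result.SecureBoot = Confirm-SecureBootUEFI }
    catch { $result.SecureBoot = $false }

    # Memory and system-drive size against the 4 GB RAM / 64 GB storage minimums.
    $cs  = Get-CimInstance Win32_ComputerSystem
    $sys = Get-CimInstance Win32_LogicalDisk -Filter "DeviceID='$($env:SystemDrive)'"
    $result.RamGB  = [math]::Round($cs.TotalPhysicalMemory / 1GB, 1)
    $result.RamOk  = $result.RamGB -ge 4
    $result.DiskGB = [math]::Round($sys.Size / 1GB, 1)
    $result.DiskOk = $result.DiskGB -ge 64

    # CPU heuristic: "Core i5-6500" -> gen 6, "i7-8550U" -> gen 8, "i5-1135G7" -> gen 11,
    # "Ryzen 5 2600" -> 2000 series. Anything the regexes do not understand stays unknown.
    $cpu = (Get-CimInstance Win32_Processor | Select-Object -First 1).Name
    $result.Cpu   = $cpu
    $result.CpuOk = $null
    if ($cpu -match 'i[3579]-(\d{4,5})') {
        $digits = $Matches[1]
        # Five digits, or four digits starting with 1, are 10th gen or newer.
        $gen = if ($digits.Length -eq 5 -or $digits[0] -eq '1') {
                   [int]$digits.Substring(0, 2) } else { [int]$digits.Substring(0, 1) }
        $result.CpuOk = $gen -ge 8
    } elseif ($cpu -match 'Ryzen \d (\d)\d{3}') {
        $result.CpuOk = [int]$Matches[1] -ge 2
    }

    $checks = @($result.TpmOk, $result.SecureBoot, $result.RamOk, $result.DiskOk, $result.CpuOk)
    $result.Verdict = if ($checks -contains $false -or $checks -contains $null) {
                          'NOT READY / REVIEW' } else { 'READY' }
    [pscustomobject]$result
}

Get-Win11Readiness | Format-List
```

A device reporting `Verdict: READY` still needs the CPU line confirmed against Microsoft's list; a `NOT READY / REVIEW` result tells you which of the four hardware gates failed, which is what decides between a firmware change (enabling TPM or UEFI boot), a RAM or disk upgrade, and outright replacement.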

Thin Clients: An Exception to the Deadline

Not all systems face the same constraints. Thin clients, which rely on centralized servers or cloud environments (e.g., Windows 365 or virtual desktops), are not directly subject to the Windows 10 EoL deadline. Their operating systems are typically lightweight and managed by the host environment, which can run Windows 11 or other supported platforms. This flexibility allows thin clients to maintain functionality beyond October 2025 without immediate upgrades, offering a cost-effective alternative for certain use cases.

Our Strategy for Your Business Continuity

To safeguard your operations, we are implementing a structured plan:

  • Through October 2025: We will ensure your Windows 10 systems remain fully patched while assessing your hardware and software for Windows 11 compatibility. A detailed migration timeline will be established by mid-2025.
  • October 2025–October 2026: For devices unable to transition immediately, we will leverage ESU at $61 per device for the first year, using this period to phase in Windows 11 upgrades strategically.
  • Post-October 2026: Our target is to complete your migration to Windows 11 by October 2026, avoiding escalating ESU costs ($122+ per device) and heightened risks. We will manage hardware procurement and software validation to minimize disruption.

Conclusion: A Proactive Path Forward

The Windows 10 EoL presents challenges, but our plan ensures your business remains secure and operational. By auditing your systems now, utilizing ESU as a short-term bridge where necessary, and transitioning to Windows 11 or thin-client solutions by October 2026, we will protect your continuity while managing costs effectively. Please contact us this month to discuss your specific requirements and initiate this critical process. Our expertise is at your service to navigate this transition seamlessly.

Atomic macOS Stealer (AMOS) Malware

A new variant of the “Atomic macOS Stealer” (AMOS) malware has been identified, posing a significant threat to macOS users by targeting and stealing sensitive data such as passwords, browser history, and cryptocurrency wallets. The malware is sold on the dark web for $1,000 a month, making it accessible to cybercriminals and increasing its potential impact. AMOS uses phishing emails and fake software updates to infiltrate systems. Once inside, it extracts keychain information, passwords stored in browsers, and files like PDFs and Word documents. Users are advised to stay vigilant, avoid downloading unverified files, and update their software regularly to reduce the risk of infection.

For a detailed analysis, visit the original article [here](https://news.sophos.com/en-us/2024/09/06/atomic-macos-stealer-leads-sensitive-data-theft-on-macos/).

Burnt Cigar 2: Scripting the Burning of Your Own Defense

In the recent blog post titled *Burnt Cigar 2: Scripting the Burning of Your Own Defense*, Sophos provides an in-depth analysis of the emerging trend of attackers leveraging legitimate tools to bypass defenses and execute their attacks. The blog dives into how threat actors use automation and scripting to dismantle security defenses in targeted environments, rendering traditional security measures less effective. It emphasizes the need for organizations to move beyond static defenses and adopt more adaptive security models, such as those offered by extended detection and response (XDR) and managed detection and response (MDR) solutions.

To read the full article, visit [Sophos News – Burnt Cigar 2](https://news.sophos.com/en-us/2024/08/27/burnt-cigar-2/).

The Evolving Pressure Tactics of Ransomware Gangs

In a recent article by Sophos, “Turning the Screws: The Pressure Tactics of Ransomware Gangs,” new strategies used by cybercriminals to pressure victims into paying ransoms are explored. These groups have evolved from simply encrypting data to leveraging extortion techniques, such as threatening to leak sensitive information or damaging a company’s reputation. The article highlights that ransomware gangs increasingly target high-profile organizations, using fear and urgency to coerce payments. By understanding these tactics, businesses can better prepare and implement security measures to mitigate risks.

Read the full article: [Turning the Screws: The Pressure Tactics of Ransomware Gangs](https://news.sophos.com/en-us/2024/08/06/turning-the-screws-the-pressure-tactics-of-ransomware-gangs/)

Don’t Get Mad, Get Wise: How to Defend Against Cyberattacks with Knowledge

In the blog post “Don’t Get Mad, Get Wise: How to Defend Against Cyberattacks with Knowledge,” Sophos emphasizes the importance of using intelligence to outsmart cybercriminals. The article explores how organizations can shift their mindset from reactive to proactive by focusing on cybersecurity education and awareness. With the right knowledge, businesses can better understand the threats they face, utilize detection and response tools, and develop strong defensive strategies to stay ahead of cyberattacks. By leveraging Sophos Managed Detection and Response (MDR) and Extended Detection and Response (XDR) solutions, companies can transform threat intelligence into action, reducing the risk of breaches.

Read the full article here: [Don’t Get Mad, Get Wise](https://news.sophos.com/en-us/2024/08/13/dont-get-mad-get-wise/)

Qilin Ransomware Caught Stealing Google Chrome Credentials

In a recent discovery, Sophos Labs uncovered that the Qilin ransomware is not only encrypting files but also stealing sensitive credentials stored in Google Chrome. This new behavior signals a broader approach by ransomware operators, combining data theft with encryption for maximum leverage over victims. By accessing stored credentials, attackers can target additional services and accounts, significantly escalating the potential damage.

Qilin’s dual threat model serves as a reminder for organizations to strengthen their cybersecurity measures, with a focus on ransomware resilience and proper credential management. Ensuring Chrome’s password manager is properly secured and limiting the use of stored credentials can mitigate this risk. Additionally, adopting a robust ransomware protection solution and implementing multi-factor authentication (MFA) are essential steps to defend against these evolving tactics.

For more details, read the full article here: [Qilin Ransomware Caught Stealing Credentials Stored in Google Chrome](https://news.sophos.com/en-us/2024/08/22/qilin-ransomware-caught-stealing-credentials-stored-in-google-chrome/).

Understanding Google Chrome’s Security and Privacy Concerns: A Comprehensive Analysis

Google Chrome is the most popular web browser in the world, used by billions of people across various platforms. Its user-friendly interface, speed, and seamless integration with other Google services make it a top choice for both casual users and businesses alike. However, Chrome has also been the subject of various privacy and security concerns. The browser collects a significant amount of data, integrates with Google’s vast advertising ecosystem, and has a complex relationship with your local system’s data. In this article, we will explore the security and privacy concerns surrounding Google Chrome in depth.

Google Chrome’s Data Collection Practices

One of the primary concerns with Google Chrome is the amount of data it collects from users. While this is not uncommon for a browser, the extent to which Chrome does so—and how it uses this data—raises privacy questions, especially compared to other browsers.

1. Data Collection for Targeted Advertising

Google’s business model is heavily reliant on advertising, and Chrome plays a pivotal role in collecting data for that purpose. Chrome collects user browsing history, search queries, cookies, and more to serve targeted ads. For users signed into their Google account, Chrome can track activity across different devices and sessions. Even when you are not actively signed into Chrome, it can still collect data for Google’s ad ecosystem.

2. Browsing Activity and Data Synchronization

Chrome allows users to sync their data (such as bookmarks, passwords, and browsing history) across devices by logging into their Google account. While convenient, this feature means that a large amount of your personal data is stored on Google’s servers, creating a single point of vulnerability if your Google account is compromised. Moreover, Google can use this data for advertising and personalization, raising further privacy concerns.

3. Telemetry and Background Data Collection

Chrome collects telemetry data in the background, which includes usage statistics, crash reports, and diagnostic information. This data is meant to help Google improve Chrome’s performance, but it also gives the company a vast amount of behavioral information. Even in Incognito Mode, some data—such as DNS lookups and IP addresses—can still be collected. While you can opt-out of some telemetry features, many users may not even be aware of the full extent of the data collected.

Chrome vs. Other Browsers: A Privacy Comparison

Compared to other browsers, Google Chrome tends to collect more data from users, particularly when stacked against privacy-centric browsers like Mozilla Firefox and Brave.

1. Firefox

Mozilla Firefox is a popular alternative to Chrome, especially among privacy-conscious users. Firefox collects minimal telemetry data and is transparent about its data practices. Mozilla’s Enhanced Tracking Protection (ETP) feature blocks third-party trackers by default, giving users more privacy while browsing. Unlike Google, Mozilla’s business model is not centered around advertising, reducing the incentive to collect user data. Additionally, users can disable most telemetry settings in Firefox.

2. Brave

Brave is another browser designed with privacy in mind. By default, Brave blocks all ads, trackers, and third-party cookies. It even provides users with built-in tools to improve their privacy, such as Tor integration for anonymous browsing. Brave uses a privacy-respecting ad model, where users are paid to view non-tracking ads, significantly reducing data collection. Compared to Chrome, Brave is much more aligned with user privacy, ensuring minimal data collection without affecting browsing performance.

3. Apple Safari

Apple’s Safari browser is well-known for its strong focus on privacy. Safari employs features like Intelligent Tracking Prevention (ITP) to reduce the ability of advertisers to track users across different websites. Apple does not use user data for advertising, and while some telemetry data is collected for performance optimization, it’s significantly less than what Chrome gathers.

Google Chrome’s Interaction with the Local System

While Google Chrome primarily collects browsing data, there are certain ways the browser interacts with the local system that can also raise security and privacy concerns.

1. Accessing Local Files

Google Chrome allows users to upload files to websites, and while doing so, it interacts with your local file system. However, Chrome only has access to the files that you explicitly choose to upload. It cannot browse your system or access other files without your permission. Similarly, Chrome can open local files using the `file://` URL, but this data is not transmitted to Google unless you upload the files to a service.

2. Permissions for System Resources

Chrome may request access to specific system resources, such as your camera, microphone, or location. These permissions are granted on a per-site basis, and you can manage or revoke them at any time. However, granting these permissions gives websites significant control over your system resources, so it’s important to be cautious about which sites you allow to access sensitive data.

3. Extensions and Plugins

Extensions and plugins can significantly enhance Chrome’s functionality, but they can also introduce security risks. Extensions are granted specific permissions, and some can access your browsing history, local storage, or interact with system files. While Google vets extensions in the Chrome Web Store, malicious or poorly designed extensions could collect personal data without your knowledge. It is critical to review the permissions granted to each extension and uninstall any that seem suspicious or unnecessary.

System-Level Data Collected by Chrome

In addition to interacting with your local file system, Chrome can collect certain types of system-level information to optimize your browsing experience.

1. Hardware and Software Information

Chrome collects details about your device, such as the operating system, browser version, screen resolution, installed fonts, and hardware information (like the type of graphics card). While this data helps optimize the browsing experience, it can also be used for tracking purposes, such as “browser fingerprinting,” where websites use this data to uniquely identify your device.

2. Browser Cache and Local Storage

Chrome stores temporary data, such as cached pages, images, and cookies, on your local system to improve loading speeds and overall performance. Websites can also store data locally using cookies, local storage, or indexed databases. While this data resides on your system, it can be accessed by the websites that stored it, and Google can collect cookies from websites associated with its services.

Chrome’s Role in Potential Security Vulnerabilities

Though Chrome is designed with strong security features, no browser is immune to vulnerabilities. Chrome’s popularity makes it a target for malicious actors who might attempt to exploit security flaws, especially through the use of malicious extensions or social engineering attacks.

1. Extensions as a Security Weakness

While Chrome extensions can provide useful features, they also represent a significant security risk if they come from untrusted sources. Extensions that request excessive permissions can collect sensitive data, or even access local files if granted the right permissions. Although Google reviews extensions, malicious ones have occasionally slipped through, leading to data breaches and other security issues.
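The extension-permission review recommended above (here and in the earlier "Extensions and Plugins" section) can be scripted. The following PowerShell report is an added example, not part of the article and not a Google tool: it walks the current user's default Chrome profile on Windows, reads each installed extension's `manifest.json`, and lists the declared permissions, flagging the broad ones that let an extension read or alter traffic, history, cookies or the clipboard on every site. The profile path is the standard Chrome location (other profiles sit beside `Default` as `Profile 1`, `Profile 2`, and so on); the list of "broad" permissions is our own selection.

```powershell
# Added example: inventory Chrome extensions and their manifest permissions.
# Read-only; assumes the standard per-user Chrome profile location on Windows.

$ProfileDir = Join-Path $env:LOCALAPPDATA 'Google\Chrome\User Data\Default'
$ExtRoot    = Join-Path $ProfileDir 'Extensions'

# Permissions worth a second look: none is malicious by itself, but each gives
# an extension reach over every site, your history, cookies or the clipboard.
$BroadPermissions = @('<all_urls>', '*://*/*', 'http://*/*', 'https://*/*',
                      'tabs', 'webRequest', 'webRequestBlocking', 'history',
                      'cookies', 'clipboardRead', 'nativeMessaging',
                      'debugger', 'management', 'proxy')

function Get-ChromeExtensionReport {
    param([string]$Root = $ExtRoot)

    Get-ChildItem -Path $Root -Directory -ErrorAction SilentlyContinue | ForEach-Object {
        $id = $_.Name
        # Each extension id folder holds one sub-folder per installed version; use the newest.
        $manifestPath = Get-ChildItem -Path $_.FullName -Directory |
            Sort-Object LastWriteTime -Descending |
            Select-Object -First 1 |
            ForEach-Object { Join-Path $_.FullName 'manifest.json' }
        if (-not ($manifestPath -and (Test-Path $manifestPath))) { return }

        $m = Get-Content -Raw -Path $manifestPath | ConvertFrom-Json

        # Localised extensions store their name as "__MSG_name__"; fall back to the id.
        $name = if ($m.name -like '__MSG_*') { $id } else { $m.name }

        # Manifest V2 keeps host patterns in "permissions"; V3 moved them to "host_permissions".
        $perms = @()
        if ($m.permissions)      { $perms += $m.permissions }
        if ($m.host_permissions) { $perms += $m.host_permissions }
        # A few entries are objects (device filters); keep the string permissions only.
        $perms = @($perms | Where-Object { $_ -is [string] })

        [pscustomobject]@{
            Id          = $id
            Name        = $name
            Version     = $m.version
            Permissions = ($perms -join ', ')
            Broad       = (@($perms | Where-Object { $BroadPermissions -contains $_ }) -join ', ')
        }
    }
}

# Extensions with the most broad permissions float to the top of the table.
Get-ChromeExtensionReport |
    Sort-Object { $_.Broad.Length } -Descending |
    Format-Table Id, Name, Version, Broad, Permissions -AutoSize -Wrap
```

Read the `Broad` column against what each extension is for: a screenshot tool has no business with `cookies` or `history`, and anything you cannot account for is a candidate for removal from `chrome://extensions`.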

2. Malware Exploiting Chrome

In rare cases, malware or exploits may target Chrome to gain access to your local system’s files or manipulate browser behavior. However, such attacks typically require users to install malicious software or visit compromised websites. Chrome’s sandboxing technology helps limit the damage that malware can do, but vigilance is still required to avoid these threats.

Conclusion: Balancing Chrome’s Features with Security Concerns

Google Chrome offers a fast, feature-rich browsing experience with excellent integration into the broader Google ecosystem. However, its data collection practices and interaction with your local system raise valid concerns for users who prioritize privacy and security.

While Chrome collects more data compared to privacy-centric browsers like Firefox or Brave, there are ways to mitigate some of these concerns:

  • Manage and review browser permissions regularly.
  • Be cautious with extensions and plugins, ensuring they are from trusted sources.
  • Limit the amount of data synced with Google by adjusting your sync settings.
  • Consider privacy-focused alternatives for tasks where privacy is a priority.

For those looking for a more private browsing experience, switching to browsers like Firefox, Brave, or even Safari may be a good option. Each offers a unique approach to balancing usability with enhanced privacy, making them suitable alternatives for users who want more control over their data.

In the end, the choice of browser depends on how much you value privacy versus the convenience offered by Chrome’s robust feature set and integration with Google services. Understanding how Chrome collects and uses data is the first step toward taking control of your online privacy and security.

G2 Names Sophos a Leader for Endpoint Protection, EDR, XDR, Firewall, and MDR

G2 has recognized Sophos as a leader in several cybersecurity categories, including Endpoint Protection, EDR, XDR, Firewall, and MDR, based on user reviews. Sophos’ solutions received high ratings for their effectiveness, ease of use, and robust customer support, highlighting the company’s commitment to providing comprehensive and reliable cybersecurity services.

Read the full article

Microsoft Rolls Out The Largest CVE Count In Recent History

The Impact of Organizational Structure on Cybersecurity Outcomes

A recent study by Sophos analyzed the impact of different organizational structures on cybersecurity outcomes based on a survey of 3,000 IT and cybersecurity professionals across 14 countries. The study identified three models of organizational structure:

  1. Separate IT and cybersecurity teams.
  2. A dedicated cybersecurity team within the IT organization.
  3. The IT team managing cybersecurity without a dedicated cybersecurity team.

Key Findings:

  • Organizations with a dedicated cybersecurity team within the IT department (Model 2) reported the best overall cybersecurity outcomes.
  • Separate IT and cybersecurity teams (Model 1) experienced the poorest outcomes, with higher rates of ransomware attacks and higher ransom payments.
  • Effective cybersecurity operations are closely linked to the integration of IT and cybersecurity functions, highlighting the importance of collaboration between these teams.
  • Investment in cybersecurity skills and capacity is crucial, as organizations lacking essential skills struggle regardless of their structural model.

Cyber Insurance and Cyber Defenses

Sophos’ research on cyber insurance and defenses emphasizes the interconnected nature of cyber risk management. The survey of 5,000 IT leaders revealed that:

  • Cyber insurance adoption is widespread, with 90% of mid-market organizations having some form of coverage.
  • Investments in cyber defenses not only improve protection but also enhance the organization’s insurance position, leading to better coverage terms and lower premiums.
  • Misalignment between business needs and policy coverage is a common issue, underscoring the importance of involving all stakeholders in the policy selection process.
  • Insurers generally pay out on claims, but policies often do not cover the full cost of cyber incidents, primarily due to policy limits being exceeded.

The State of Cybersecurity 2023

Sophos’ 2023 report highlights the significant impact of cyber threats on businesses, based on a survey of 3,000 professionals. Key insights include:

  • The frequency and types of cyberattacks have evolved, with ransomware and data theft being prominent threats.
  • Advanced threats and alert fatigue are common challenges, requiring effective and proactive cybersecurity measures.
  • The report provides recommendations for improving cybersecurity defenses and reducing the financial and operational impact of cyber incidents.

2024 Security Threat Report

The Sophos 2024 Threat Report focuses on the evolving threat landscape, particularly for small businesses. Key points include:

  • A shift in malware focus towards data theft, with spyware and password stealers being prevalent.
  • Increasing sophistication in social engineering tactics.
  • The importance of understanding and mitigating vulnerabilities to combat the growing threats posed by cybercrime-as-a-service.

These insights collectively underscore the critical importance of strategic investments in cybersecurity defenses, the integration of IT and cybersecurity functions, and the necessity of aligning cyber insurance policies with organizational needs to enhance overall cybersecurity outcomes.

For more detailed insights, you can read the full reports on the Sophos News and Sophos websites.

The detailed Sophos article can be found here: A tumultuous, titanic Patch Tuesday as Microsoft makes some changes

Understanding the CrowdStrike Global Outage: Insights and Guidance from Sophos

Analyzing the Incident and Addressing Key Questions for Customers and Partners

On July 19, 2024, a “content update” issued by CrowdStrike for its Falcon endpoint agent on Windows devices led to significant disruptions across various industries worldwide, including travel, banking, healthcare, and retail.

What Happened?

Cyber threats often exploit large-scale disruptions. In this post, we aim to clarify what happened during the CrowdStrike incident and address key questions from our customers and partners, referencing the original insights provided by Sophos.

Our collective mission in the cybersecurity industry is to safeguard organizations from attacks. Despite commercial competition, we stand united against cybercriminals. We extend our support to CrowdStrike and wish all affected organizations a swift recovery.

Cybersecurity is a complex and fast-evolving field. As Joe Levy, CEO of Sophos, noted on LinkedIn, “For those of us deeply involved in kernel operations, such incidents can happen despite all precautions, and no system is ever 100% immune.”

Incident Overview

  • Nature of the Incident: This was not a result of a security breach or cyberattack at CrowdStrike.
  • Impact on Availability: Although not a security incident, the disruption affected system availability, marking it as a cybersecurity issue.
  • Cause: The blue-screen-of-death (BSOD) on Windows machines was triggered by a product “content” update rolled out to CrowdStrike customers.
  • Affected Systems: Organizations using CrowdStrike Falcon agents on Windows systems were impacted. Linux and macOS devices remained unaffected.
  • Resolution: CrowdStrike identified the problematic update and reverted it. They have provided remediation guidance to their customers.

Understanding “Content” Updates

This incident stemmed from a typical product “content” update to CrowdStrike’s endpoint security software—a routine procedure for enhancing protection logic against emerging threats. Such updates are common across many cybersecurity providers, including Sophos. However, unexpected issues can occur, as demonstrated in this case.

CrowdStrike’s Response

CrowdStrike has issued a statement with remediation guidance, available on their website:
[CrowdStrike Falcon Content Update Remediation and Guidance Hub](https://www.crowdstrike.com/falcon-content-update-remediation-and-guidance-hub/)

Vigilance Against Cybercriminals

It’s crucial to remain vigilant, as cybercriminals may exploit this situation through malicious domains and phishing campaigns. Always verify communication with authorized CrowdStrike representatives.

Impact on Sophos Customers

Sophos customers using their endpoint protection solutions, including Sophos Endpoint with Sophos XDR or Sophos MDR, were not affected by the CrowdStrike incident. A small number of customers using the Sophos “XDR Sensor” agent alongside CrowdStrike Falcon might have experienced some impact.

Sophos’ Mitigation Strategies

According to Sophos, they continually update their endpoint protection products and release regular content updates to counter evolving threats. Their processes, honed over three decades, minimize the risk of customer disruption, although this risk is never entirely eliminated.

Sophos’ Update Procedures

  1. Testing: All updates undergo rigorous testing in internal quality assurance environments.
  2. Internal Deployment: Updates are first rolled out to all Sophos employees and infrastructure.
  3. Gradual Customer Deployment: Once internal testing is successful, updates are gradually released to customers in stages, monitored through real-time telemetry.
  4. Rollback Capability: If issues arise, the affected systems are limited, and quick rollback is possible.

Customer Control Options

Sophos customers can manage endpoint product updates using update management policy settings, including options for Recommended (Sophos-managed), Fixed-term support, and Long-term support, with customizable scheduling.

Ensuring Quality and Security

All content updates are tested and reviewed to meet quality standards before production release. Sophos adheres to a secure development lifecycle, detailed in the Sophos Trust Center. Further information on their development principles for Sophos Endpoint is available in their knowledgebase.

By maintaining stringent quality controls and continuous improvement, Sophos strives to protect its customers and stay ahead in the cybersecurity landscape. For more detailed insights, you can refer to Sophos’ original article on this topic.

Finite Technologies is a Sophos reseller. Contact us if you would like more information on how the Sophos integrated suite of security products can protect your business.