October is coming, and for Windows 10 users, the stakes could not be higher. As Microsoft prepares to finally sunset one of its most widespread operating systems, over half of all Windows users still cling to it, according to recent Statcounter data. If you’re one of them—and chances are, you are—here’s why you might want to readjust your cybersecurity posture, double-check your update settings, or at the very least, start saving up for a new machine (preferably one with a keyboard that still has all its letters).
Windows 10: Still Going Strong… But For How Long?
More than 54% of Windows users were running Windows 10 in March, while just 42.7% had migrated to Windows 11. This is not exactly what Microsoft—nor cyber experts—were hoping to see as support deadlines loom ominously close. Despite a year and a half of nudging, nudging, and then some more nudging, Home and Pro users are still clinging to their familiar tiles, start menus, and update screens with the same ardor as a cat clutching its favorite pillow.
But here’s the rub: windows that stay open too long tend to invite the bugs in. And bugs—of the binary kind—are precisely what infosec professionals are worried about.
Infostealers: More Than Just a Catchy Name
Let’s talk about infostealers—those sneaky, data-munching programs that slither in through vulnerable systems, hoovering up everything from passwords to browsing histories. According to data from NordStellar, a threat exposure management platform, 59% of systems hit by infostealers in December 2024 were still running Windows 10. That’s a big, juicy number if you’re a cybercriminal, and a stomach-churning one if you’re a user or a sysadmin.
Vakaris Noreika, cybersecurity expert at NordStellar, puts it plainly: “Windows 10 has been heavily targeted for years due to its popularity. However, it will have an even bigger target on its back in the wake of its end of life, which will eventually create new vulnerabilities.”
Translation: If you thought it was bad before, just wait until October 2025.
End-of-Life: What Does It Really Mean?
October 14th, 2025, marks Windows 10’s “official end of support.” It’s not quite the doomsday clock, but it’s the next best (or worst) thing for an operating system. Here’s what you can expect:
- No more security updates
- No vulnerability patches
- No free official support from Microsoft
The only way to extend your system’s digital lease on life is to pony up for an Extended Security Updates program—something that might buy you one more year (for a fee), but it’s a bit like putting a band-aid on a sinking ship: it offers some comfort, but you’re still going down.
History Repeats Itself: A Cautionary Tale from Windows 7
If all of this sounds familiar, that’s because it is. Back in the pre-COVID days, Windows 7 users watched as their beloved OS drifted toward end-of-life, only to hold onto it with white-knuckled defiance. Six months before Windows 7’s expiration, it held onto a 23% market share. On the day the deadline arrived? A mere 3% drop to 20%.
Let that sink in: one fifth of all Windows machines kept barrelling onward with Windows 7, despite being left out in the cold, support-wise.
The result? A field day for cybercriminals. Reports of malware specifically targeting out-of-date systems skyrocketed. If it hadn’t already, your grandma’s recipe files (and possibly her bank login) were suddenly being ogled by Russians in track suits or kids in their parents’ basements. The point is, delayed migration isn’t just a harmless quirk—it’s a digital siren song for bad actors.
Adoption Rates: Why the Reluctance?
Obstinacy might be a big part of it. People know what they like, and change is hard—especially when “change” means updating device drivers, dealing with application incompatibility, or facing that weird new context menu. But the real blockers often run deeper:
- Hardware Limitations: Windows 11’s system requirements are steep. TPM 2.0? Secure Boot? For many older machines, it’s like asking your grandma to run a marathon.
- Compatibility Issues: Specialized software and tools, especially in enterprise environments, aren’t always ready for the latest OS. Upgrading means risk, revalidation, and sometimes costly licenses.
- Cost Concerns: Buying new hardware, software, or support contracts isn’t cheap—and for large organizations, the price tag can climb into the millions.
- General Apathy/Avoidance: “If it ain’t broke, don’t fix it” is a comforting mantra—until it’s suddenly very, very broke.
The True Cost of Outdated Operating Systems
Let’s get blunt: sticking with an unsupported OS is not just risky, it’s potentially catastrophic. Microsoft leaving Windows 10 out to pasture means every new vulnerability discovered (and make no mistake, there will be plenty) goes unpatched. Over time, these vulnerabilities pile up like uncollected garbage, inviting all manner of digital rodents to feast.
“Outdated operating system vulnerabilities go beyond just infostealers,” says Noreika. “These weaknesses can make cyberattacks more effective, potentially leading to data leaks.” And for companies, this isn’t just a mild inconvenience—the fallout can include millions in direct losses, regulatory penalties, insurance hikes, and, worst of all, shattered client trust.
Studies have shown that data breaches cost U.S. companies an average of $4.45 million per incident as of 2023. The loss of customer records, intellectual property, or medical data can take years to recover from—if at all. And as regulations like GDPR and CCPA gain teeth, the legal and financial consequences are only intensifying.
Infostealers in Focus: How They Work
So what are these “infostealers,” and why does Windows 10 seem especially prone to them? The answer lies in their design: infostealers are designed to quietly collect sensitive information—logins, browser cookies, chat logs, even crypto wallets—and send them off to remote servers controlled by cybercrime gangs.
Unlike ransomware, which announces itself dramatically, or cryptominers, which drain your processing power, infostealers often go undetected for weeks or months. They prey on unpatched vulnerabilities and can infiltrate via phishing, malicious downloads, or poisoned websites. Once inside, they quietly rifle through your digital drawers, making copies of anything lucrative.
NordStellar’s data is telling: 59% of December 2024’s infostealer victims were on Windows 10. That’s not merely a coincidence; that’s a direct result of attackers targeting the most popular, and soon-to-be unprotected, operating system base.
What About Windows 11? The Slow Climb to Safety
Windows 11 adoption is up, but not by much. Its market share climbed by less than 5% from February to March. If anything, the urgency isn’t translating into actual upgrades—at least, not fast enough. NordStellar estimates that by next October, between 30-40% of systems may still be running Windows 10. That could mean tens of millions of machines ripe for exploitation.
For businesses and individuals undertaking the leap, it’s not all smooth sailing. Windows 11 brings with it a host of new security features—ranging from virtualization-based security (VBS) to stronger hardware requirements—but these only work if you’ve actually made the switch. And for anyone feeling nostalgic about Windows 10’s more “classic” interface, well… nostalgia is a luxury rarely afforded in cybersecurity.
Extended Security Updates: A Stay of Execution
Microsoft knows not everyone can—or will—upgrade by the deadline, so it’s offering Extended Security Updates for one more year, at an extra cost. Historically, this stopgap measure provides only essential security patches, not updates or new features.
Large organizations might view this as a way to buy some time, especially as they scramble to validate mission-critical apps and wrangle legacy infrastructure. But make no mistake: Microsoft’s message is clear. Pay up for another year, but eventually, “buh-bye.”
The Hidden Risks No One Talks About
While the headlines focus on infostealers and ransomware, outdated OS use opens the door to a slew of less headline-grabbing, but equally insidious, problems:
- Botnets: Older, unpatched systems are prime targets for recruitment into botnets—massive networks of compromised machines used for spam, credential stuffing, or DDoS attacks.
- Lateral Movement: Once inside a network, attackers use outdated endpoints as stepping stones to more valuable targets, like cloud services or administrator consoles.
- Supply Chain Attacks: Third-party vendors operating on unsupported OSes can become the unwitting entry point for attacks against larger partners.
- Compliance Violations: Regulatory frameworks often mandate up-to-date security practices. Running unsupported software could lead to non-compliance—a headache with hefty fines.
What Can You Do? Practical Steps for a (Slightly) Safer Tomorrow
If you’re still running Windows 10 (don’t worry, you’re in good company), here are some actionable steps to avoid becoming the next hapless headline:
- Inventory Everything: Know what systems, applications, and devices are still dependent on Windows 10. You can’t fix what you can’t see.
- Patch Aggressively: While you still have access, install every available update—OS patches, browser updates, security tools, all of it.
- Consider Upgrading: If your hardware can handle it, start planning the move to Windows 11. Slow and steady migrations end up as tragic IT horror stories.
- Lean on Security Tools: Enable multifactor authentication, deploy endpoint security platforms, and monitor network activity for suspicious traffic.
- User Training: Phishing remains the #1 attack vector. Investing in security awareness pays dividends.
- Plan for the Inevitable: Begin budget discussions for hardware refreshes, application upgrades, and (if necessary) extended support licenses.
- Isolation: For machines that simply can’t be upgraded, isolate them from critical business networks as much as possible.
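An added example, not from the original article: a PowerShell function that records, for the host it runs on, the OS build and the two Windows 11 hardware requirements the article names (TPM 2.0 and Secure Boot), producing one row for the inventory step above. The function name, output fields, action strings and CSV path are this example's own choices; Windows 11 has further requirements (CPU, RAM, storage) that it does not check.

```powershell
# Added example. Run elevated: the TPM and Secure Boot queries need admin rights.
function Get-UpgradeReadiness {
    $os       = Get-CimInstance -ClassName Win32_OperatingSystem
    $build    = [int]$os.BuildNumber
    $isClient = $os.ProductType -eq 1             # 1 = workstation edition
    $isWin11  = $isClient -and ($build -ge 22000) # Windows 11 client builds start at 22000

    # SpecVersion looks like "2.0, 0, 1.38"; the first field is the TPM spec level.
    $tpmVersion = $null
    try {
        $tpm = Get-CimInstance -Namespace 'root/cimv2/Security/MicrosoftTpm' `
            -ClassName Win32_Tpm -ErrorAction Stop
        if ($tpm) { $tpmVersion = ($tpm.SpecVersion -split ',')[0].Trim() }
    } catch { }                                   # no TPM visible: leave $null

    # Confirm-SecureBootUEFI throws on legacy BIOS firmware; treat that as "off".
    try   { $secureBoot = [bool](Confirm-SecureBootUEFI -ErrorAction Stop) }
    catch { $secureBoot = $false }

    $hardwareReady = ($tpmVersion -eq '2.0') -and $secureBoot

    # Map the findings onto the options the article lists (upgrade, replace, ESU, isolate).
    if (-not $isClient)     { $action = 'Out of scope: not a client OS' }
    elseif ($isWin11)       { $action = 'None: already on Windows 11' }
    elseif ($hardwareReady) { $action = 'Plan upgrade to Windows 11' }
    else                    { $action = 'Replace hardware, or buy ESU and isolate' }

    # End-of-support date as given in the article (October 14th, 2025).
    $daysLeft = ([datetime]::new(2025, 10, 14) - (Get-Date).Date).Days

    [pscustomobject]@{
        Host          = $env:COMPUTERNAME
        OS            = $os.Caption
        Build         = $build
        TpmVersion    = $tpmVersion
        SecureBoot    = $secureBoot
        HardwareReady = $hardwareReady
        DaysToEoS     = $daysLeft
        Action        = $action
    }
}

# Append this host's row to a shared inventory file (path is a placeholder).
Get-UpgradeReadiness | Export-Csv -Path .\readiness.csv -NoTypeInformation -Append
```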
Looking Ahead: The Shape of Attacks to Come
Cybersecurity experts warn that the golden era of Windows 10 exploitation is just beginning. As the OS slides into obsolescence, cybercriminals will zero in on the largest unprotected herd in digital history. The tools they wield—automated exploit kits, customized infostealers, wormable malware—are only growing craftier.
At the same time, organizations that prioritize preventative upgrades, robust monitoring, and regular user education stand the best chance of staying out of the crosshairs. It’s a tough message, but one that’s echoed by every major infosec professional: migrate or risk catastrophe.
And for the resisters? Well, there’s always Linux. Or, for the truly intrepid, a typewriter.
The Bottom Line: Time to Let Go (Or Face the Consequences)
Windows 10 had a good run. In fact, it’s still running, right now, on more than half of all Windows PCs worldwide. But operating system immortality is a myth, and the risks of refusing to upgrade are real—and multiplying rapidly.
Cyberattackers are waiting. Infostealers are lurking. Unpatched vulnerabilities, the digital version of open-windows-in-a-hurricane, beckon malware with a come-hither wink.
If you’re still on Windows 10, the moment to plan your exit strategy is now. Because October 2025 is coming—for you, for your data, and, quite possibly, for your peace of mind.
In the meantime, maybe start looking for those Windows 11 tutorials—or at least dust off your backups. It’s going to be a wild ride.
Source: cybernews.com https://cybernews.com/cybercrime/windows-10-cybersecurity-threats-infostealers/