Microsoft urges users to patch against BlueKeep attacks

Following a recent spike in BlueKeep exploit attempts, Microsoft is recommending that all users patch their out-of-date Windows systems to avoid falling victim to an attack.

The software giant's Microsoft Defender ATP Research Team published a blog post warning of increased BlueKeep activity, saying: “Microsoft security signals showed an increase in RDP-related crashes that are likely associated with the use of the unstable BlueKeep Metasploit module on certain sets of vulnerable machines.”

The researchers also noted that the BlueKeep attacks reported earlier this month by security researcher Kevin Beaumont were connected with a coin mining campaign that used the same command-and-control servers to launch attacks on vulnerable systems.

Beaumont even went so far as to create a global honeypot network to detect the development of BlueKeep exploits in the wild. However, the network first crashed at the beginning of October and, following this crash, all of the remaining honeypots except for those in Australia were also taken offline.

Security researcher Marcus Hutchins (aka MalwareTech) also confirmed that this series of BlueKeep exploit attacks was still underway.
Microsoft worked with both security researchers to investigate the crashes, and it was then that they discovered the crashes were caused by a BlueKeep exploit module.

In early September, Microsoft deployed a behavioral detection system for the BlueKeep Metasploit module. The company observed that RDP service crashes had increased from 10 to 100 per day in September, and a similar spike occurred in early October.

BlueKeep is a wormable remote code execution vulnerability that affects Windows XP, Windows 7, Windows Server 2003, Windows Vista and Windows Server 2008.
The vulnerability itself is pre-authentication, which means that it requires no user interaction to be exploited.

As BlueKeep is wormable, it can allow any malware exploiting the vulnerability to spread from one vulnerable system to another, once again without any user interaction at all.

However, the attacks that were launched earlier this month did not deploy any wormable malware.
Instead, the cybercriminals behind this recent wave of attacks scanned the web for vulnerable machines and attacked unpatched systems by deploying a BlueKeep exploit followed by a cryptocurrency miner.

Microsoft believes that this is just the beginning and that the worst is yet to come, as the attackers will refine their attacks and use BlueKeep to deliver malicious payloads that are much worse than coin miners.

To avoid falling victim to BlueKeep, it is highly recommended that you patch any older Windows operating systems and consider upgrading to the latest version of Microsoft's operating system.

Via The Inquirer