Microsoft warns users to stay alert for more BlueKeep attacks

By -

 Microsoft: BlueKeep exploit will likely be used to deliver payloads more impactful and damaging than coin miners.

Microsoft's security team believes that more destructive BlueKeep attacks are on the horizon and urges users and companies alike to apply patches if they've been lagging.


The company's warning comes after security researchers detected the first-ever malware campaign that weaponized the BlueKeep vulnerability.

The attacks, which were detected last weekend, used BlueKeep to break into unpatched Windows systems and install a cryptocurrency miner.

Many security researchers considered the attacks underwhelming and not living up to the hype that was built around BlueKeep for the past six months.

This was because Microsoft said BlueKeep could be used to build wormable (self-spreading) malware. However, the attacks that happened over the weekend did not deploy malware that could spread on its own.

Instead, attackers scanned the internet for vulnerable systems and attacked each unpatched system, one at a time, deploying a BlueKeep exploit, and then the cryptocurrency miner.

This was far from the self-spreading malware outbreak that Microsoft said BlueKeep could trigger. Furthermore, in many cases, the BlueKeep exploit failed to work, crashing systems.

But Microsoft says this is just the beginning, and that attackers will eventually refine their attacks, and that the worst is yet to come.

"While there have been no other verified attacks involving ransomware or other types of malware as of this writing, the BlueKeep exploit will likely be used to deliver payloads more impactful and damaging than coin miners," Microsoft said today. "We cannot discount enhancements that will likely result in more effective attacks."

Now, Microsoft is warning and urging users to apply patches -- for the third time this year.

"Customers are encouraged to identify and update vulnerable systems immediately," the company said. "Many of these unpatched devices could be unmonitored RDP appliances placed by suppliers and other third-parties to occasionally manage customer systems. BlueKeep can be exploited without leaving obvious traces, customers should also thoroughly inspect systems that might already be infected or compromised."

THE BLUEKEEP LOWDOWN

Because there's been a flood of BlueKeep-related coverage this year, below is a summary of what you need to know. Just the essentials:

  • BlueKeep is a nickname given to CVE-2019-0708, a vulnerability in the Microsoft RDP (Remote Desktop Protocol) service.
  • BlueKeep impacts only: Windows 7, Windows Server 2008 R2, Windows Server 2008.
  • Patches have been available since mid-May 2019. See official Microsoft advisory.
  • On the same day it released patches, Microsoft published a blog post warning about BlueKeep being wormable.
  • Microsoft issued a second warning about orgs needing to patch BlueKeep, two weeks later, at the end of May.
  • The US National Security Agency, the US Department of Homeland SecurityGermany's BSI cyber-security agency, the Australian Cyber Security Centre, and the UK's National Cyber Security Centre have all issued their own security alerts, trying to get companies to patch outdated computer fleets.
  • Many security researchers and cyber-security firms developed fully-working BlueKeep exploits over the summer; however, nobody published the code after realizing how dangerous the exploit was, and fearing that it could be abused by malware authors.
  • In July, a US company started selling a private BlueKeep exploit to its customers, so they could test if their systems were vulnerable.
  • In September, the developers of the Metasploit penetration testing framework published the first public BlueKeep proof-of-concept exploit.
  • In late October, malware authors started using this BlueKeep Metasploit module in a real-world campaign. Microsoft has an article about this malware campaign here.
  • According to BinaryEdge, there are roughly 700,000 internet-connected Windows systems that are vulnerable to BlueKeep, and have yet to receive patches.

Comments

Post a Comment

Popular Posts

Hacker steals data of millions of Bulgarians, emails it to local media

By -
Image
  Source of the data breach appears to be the country's National Revenue Agency A mysterious hacker has stolen the personal details of millions of Bulgarians and has emailed download links to the stolen data to local news publications. The data's origin is believed to be the country's National Revenue Agency (NRA), a department of the Bulgarian Ministry of Finance. In a  message posted on its website  on Monday, the NRA said it was working with the Ministry of the Interior and the State Agency for National Security (SANS) to investigate the hack. "We are currently verifying whether the data is real," said the NRA. Hours after this article's publication, the Bulgarian Ministry of the Interior  confirmed the hack . HACKER STOLE 110 DATABASES, LEAKED 57 According to reports from local media [ 1 ,  2 ,  3 ,  4 ,  5 ], who received part of the data, the hacker said they stole the personal details of over five million Bulgarians, of the country's total populatio
Read more

​Linux totally dominates supercomputers

By -
Image
It finally happened. Today, all 500 of the world's top 500 supercomputers are running Linux. Linux rules supercomputing. This day has been coming since 1998, when Linux first appeared on the TOP500 Supercomputer list . Today it finally happened:  All 500 of the world's fastest supercomputers are running Linux . The last two non-Linux systems, a pair of Chinese IBM POWER computers running AIX, dropped off the  November 2017 TOP500 Supercomputer list . Overall, China now leads the supercomputing race with 202 computers to the US' 144. China also leads the US in aggregate performance. China's supercomputers represent 35.4 percent of the Top500's flops, while the US trails with 29.6 percent. With an anti-science regime in charge of the government, America will only continue to see its technological lead decline. When the  first Top500 supercomputer list was compiled in June 1993 , Linux was barely more than a toy. It hadn't even adopted Tux as its masc
Read more

Microsoft tries to stem its self-made collaboration-tool confusion

By -
Image
Microsoft is using this week's Ignite conference to try to help clarify its collaboration-tool strategy. Here's how SharePoint, Teams and Yammer figure in the mix. Choice is good. But too much choice, especially when it comes to collaboration tools, has been a problem for Microsoft. This isn't news to customers, partners or Microsoft execs themselves. But at the company's Ignite IT Pro conference in Orlando this week, Microsoft execs took a step to try to clarify the company's strategy and messaging in this area. Microsoft Office 365 Marketing chief Ron Markezich kicked off the conference this week with a slide entitled "Microsoft 365 Teamwork: Where to Start a Conversation." That slide attempts to do what  Microsoft initially attempted with a 60-plus-page whitepaper : Clarify which collaboration tools customers should use when. The slide, which features SharePoint -- and its files, sites and content storage at the center -- is broken down into t
Read more