Even as the awareness campaigns are still running, the Windows 'BlueKeep' cyberattack is happening right now.
Even the U.S. government has warned of the devastating risks of BlueKeep (CVE-2019-0708), a security vulnerability in Microsoft's Remote Desktop Protocol (RDP) implementation that allows remote code execution.
Microsoft describes BlueKeep as a vulnerability of the same kind as WannaCry. Security researchers have now discovered the first malware that exploits the flaw. However, this is still a long way from the worst-case scenario.
Back in May, Microsoft issued a forceful warning about a vulnerability that could spread on its own, like WannaCry. Now, for the first time, security researchers at Kryptos Logic have captured malicious software that exploits the BlueKeep flaw. Measured against the vulnerability's potential, however, it looks almost harmless.
Since Microsoft released security updates in May for all supported operating systems, and even for some unsupported ones, it has been the calm before the storm. A wave of attacks on unprotected devices that had not installed the security updates was only a matter of time. Step by step, security researchers also published proofs of concept (PoCs) and exploits for pentesting software. The big attack, however, was slow in coming.
Now, for the first time, security researchers have discovered malware in the wild that exploits the BlueKeep vulnerability. In a honeypot, a deliberately vulnerable computer run by security researchers to detect and analyze malicious software, they found malware that used the flaw to steal computing power for cryptomining. However, the malware crashed the affected honeypot, so the researchers doubt that it works reliably.
The BlueKeep cryptominer is not a worm
The BlueKeep vulnerability allows malicious code to be executed on an affected Windows system without authentication or user interaction: the flaw sits in the part of the RDP connection sequence that runs before any user is authenticated, so anyone who can reach the RDP port (TCP 3389 by default) on an unpatched host can trigger it. A computer worm could therefore propagate through the vulnerability from one vulnerable computer to the next on its own. According to the researchers, however, the malware now discovered does not spread by itself. Instead, the attackers scan for vulnerable systems and then attack them.
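Whether a host is exposed to this pre-authentication attack surface can be checked from the network. The following Python script is an added example, not code from the article, Kryptos Logic or Microsoft: it performs only the first step of the RDP connection sequence (the X.224 Connection Request) and reports whether the server enforces Network Level Authentication (NLA). NLA puts user authentication in front of the vulnerable code path, so a host that answers HYBRID_REQUIRED_BY_SERVER cannot be reached by an unauthenticated attacker, although it still needs the May patch. The constants and packet layouts are those of the public MS-RDPBCGR specification; the `mstshash` cookie value `probe` and the sample host names are assumptions of the example. The probe never proceeds into the later MCS stage where the flaw lives, so it is safe to run against your own hosts.

```python
import socket
import struct

# Negotiation constants from MS-RDPBCGR (RDP_NEG_REQ / RDP_NEG_RSP / RDP_NEG_FAILURE).
PROTOCOL_RDP = 0x00000000     # legacy "Standard RDP Security", no NLA
PROTOCOL_SSL = 0x00000001     # TLS only, still no user authentication before the MCS stage
PROTOCOL_HYBRID = 0x00000002  # CredSSP, i.e. Network Level Authentication (NLA)

TYPE_RDP_NEG_REQ = 0x01
TYPE_RDP_NEG_RSP = 0x02
TYPE_RDP_NEG_FAILURE = 0x03

FAILURE_CODES = {
    0x01: "SSL_REQUIRED_BY_SERVER",
    0x02: "SSL_NOT_ALLOWED_BY_SERVER",
    0x03: "SSL_CERT_NOT_ON_SERVER",
    0x04: "INCONSISTENT_FLAGS",
    0x05: "HYBRID_REQUIRED_BY_SERVER",
    0x06: "SSL_WITH_USER_AUTH_REQUIRED_BY_SERVER",
}
HYBRID_REQUIRED_BY_SERVER = 0x05


def build_connection_request(requested_protocols=PROTOCOL_SSL, cookie_user="probe"):
    """X.224 Connection Request (CR TPDU) carrying an RDP_NEG_REQ, wrapped in a TPKT header.

    We deliberately ask for TLS only, never CredSSP: a server that enforces NLA must then
    refuse with HYBRID_REQUIRED_BY_SERVER, which is exactly the signal we want.
    """
    cookie = f"Cookie: mstshash={cookie_user}\r\n".encode()  # assumed user name; any value works
    neg_req = struct.pack("<BBHI", TYPE_RDP_NEG_REQ, 0, 8, requested_protocols)
    # CR TPDU fixed part: code 0xE0, DST-REF, SRC-REF, class option
    tpdu = struct.pack(">BHHB", 0xE0, 0, 0, 0) + cookie + neg_req
    x224 = bytes([len(tpdu)]) + tpdu                         # LI = length of everything after it
    return struct.pack(">BBH", 3, 0, 4 + len(x224)) + x224   # TPKT: version 3, reserved, total length


def parse_connection_confirm(data):
    """Decode the server's X.224 Connection Confirm and report whether NLA is enforced."""
    if len(data) < 11 or data[0] != 3:
        raise ValueError("not a TPKT-framed X.224 packet")
    if struct.unpack(">H", data[2:4])[0] != len(data):
        raise ValueError("TPKT length does not match packet size")
    if data[5] != 0xD0:
        raise ValueError("expected an X.224 Connection Confirm (0xD0), got 0x%02x" % data[5])
    # CC TPDU fixed part is 7 bytes (LI, code, DST-REF, SRC-REF, class); negotiation data follows.
    neg = data[11:]
    if not neg:
        # Old servers (Windows XP / Server 2003 era) send no negotiation structure: no NLA.
        return {"nla_enforced": False, "detail": "no RDP negotiation response (legacy RDP security)"}
    ntype, _flags, nlen, value = struct.unpack("<BBHI", neg[:8])
    if nlen != 8:
        raise ValueError("unexpected RDP negotiation structure length %d" % nlen)
    if ntype == TYPE_RDP_NEG_FAILURE:
        name = FAILURE_CODES.get(value, "UNKNOWN_%d" % value)
        return {"nla_enforced": value == HYBRID_REQUIRED_BY_SERVER, "detail": "RDP_NEG_FAILURE " + name}
    if ntype == TYPE_RDP_NEG_RSP:
        proto = {PROTOCOL_RDP: "PROTOCOL_RDP", PROTOCOL_SSL: "PROTOCOL_SSL"}.get(value, "0x%x" % value)
        # Any accepted non-CredSSP protocol means the pre-authentication RDP code path is reachable.
        return {"nla_enforced": False, "detail": "server accepted " + proto + " without NLA"}
    raise ValueError("unknown RDP negotiation type 0x%02x" % ntype)


def _recv_tpkt(sock):
    """Read exactly one TPKT packet: the 4-byte header first, then the remaining bytes."""
    header = b""
    while len(header) < 4:
        chunk = sock.recv(4 - len(header))
        if not chunk:
            raise ConnectionError("connection closed before TPKT header")
        header += chunk
    total = struct.unpack(">H", header[2:4])[0]
    body = b""
    while len(body) < total - 4:
        chunk = sock.recv(total - 4 - len(body))
        if not chunk:
            raise ConnectionError("connection closed mid-packet")
        body += chunk
    return header + body


def probe(host, port=3389, timeout=5.0):
    """Open one TCP connection, send the CR, decode the CC; nothing past negotiation is sent."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(build_connection_request())
        return parse_connection_confirm(_recv_tpkt(sock))


if __name__ == "__main__":
    import sys
    for target in sys.argv[1:]:   # e.g. python rdp_nla_probe.py 10.0.0.5 rdp.example.internal
        try:
            print(target, probe(target))
        except (OSError, ValueError) as exc:
            print(target, "error:", exc)
```

A result of `nla_enforced: False` from a Windows 7 or Server 2008 host that has not received the May update is precisely the exposure the article describes, and the scanners looking for victims get the same answer you do. A host that enforces NLA is shielded from unauthenticated exploitation but is still vulnerable to anyone holding valid credentials, so the probe complements patch inventory rather than replacing it.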
One reason for the absence of a BlueKeep worm may be Microsoft's handling of the vulnerability. Security updates and warnings from Microsoft may have contributed to significantly reducing the number of vulnerable devices. "Every month that passes without a worm being released, more people are turning to security updates and the number of vulnerable devices is falling," security researcher Jake Williams told Wired. That no attacker has so far exploited the flaw on a large scale could also come down to a cost-benefit calculation: there may be too few affected Windows machines left to make the effort worthwhile, Williams explains.
By contrast, WannaCry paralyzed hundreds of thousands of Windows machines in 2017, leading to system failures at a number of companies. Besides the display boards of Deutsche Bahn, many ATMs, ticket machines and gas station terminals went out of service. Computers at the mobile operator Telefónica were also affected, and the car manufacturer Renault halted production at some plants as a precaution. The WannaCry malware was based on a vulnerability in Windows' SMBv1 file-sharing protocol that the US National Security Agency (NSA) had hoarded, and whose exploit was leaked by the hacker group The Shadow Brokers.
- Amram is a technical analyst and partner at DFI Club Research, a high-tech research and advisory firm. He has over 10 years of technical and business experience with leading high-tech companies including Huawei, Nokia and Ericsson in ICT, semiconductors, microelectronic systems and embedded systems. Amram focuses on the business-critical points where new technologies drive innovation.