Microsoft asks users to apply patches against BlueKeep attacks

Following a recent series of attempts to exploit BlueKeep, Microsoft recommends that all users patch their outdated Windows systems to avoid being attacked.

The software giant's Microsoft Defender ATP research team published an article warning of an increase in BlueKeep activity against vulnerable machines.

The researchers also noted that the BlueKeep attacks reported earlier this month by security researcher Kevin Beaumont were related to a coin mining campaign that used the same command and control servers to launch attacks on vulnerable systems. Beaumont even went as far as creating a worldwide network of honeypots to detect BlueKeep exploits being developed and used in the wild. However, the network crashed for the first time in early October, and as a result of this incident all the remaining honeypots, except those located in Australia, also went down.

Security researcher Marcus Hutchins (aka MalwareTech) also confirmed that this series of BlueKeep exploitation attempts was still ongoing. Microsoft worked with the two security researchers to investigate the incidents and found that they had been caused by a BlueKeep exploit module.

BlueKeep attacks

In early September, Microsoft deployed a behavioral detection for the BlueKeep Metasploit module. The company found that the number of RDP crashes increased from 10 to 100 per day in September, and that a similar spike occurred in early October.

BlueKeep is a wormable remote code execution vulnerability that affects Windows XP, Windows 7, Windows Server 2003, Windows Vista, and Windows Server 2008. The vulnerability itself is pre-authentication, which means that it requires no user interaction to be exploited.

Because BlueKeep is wormable, any malicious program that exploits the vulnerability can spread from one vulnerable system to another, again without any user interaction.

However, the attacks launched earlier this month did not deploy any self-propagating malware. Instead, the cybercriminals behind this recent wave of attacks scanned the web in search of vulnerable machines and targeted unpatched systems by deploying a BlueKeep exploit followed by a cryptocurrency miner.

Microsoft believes that this is just the beginning and that the worst is yet to come, as attackers will refine their attacks and use BlueKeep to deliver malicious payloads far worse than coin miners.

To avoid falling victim to BlueKeep, it is strongly recommended to patch old Windows operating systems and consider upgrading to the latest version of Microsoft's operating system.

Via The Inquirer