It’s expected, but not at this level. Since May this year, Microsoft has been warning users and enterprises to update their systems to avoid a potential malware worm that could affect their devices via a vulnerability called BlueKeep.
What’s the BlueKeep Vulnerability?
BlueKeep (CVE-2019-0708) is a Remote Code Execution (RCE) flaw found in the Windows Remote Desktop Protocol (RDP) service. This bug may enable unauthorized attackers to drop and run arbitrary code remotely. With this, they can gain full control over your system, and even the entire network, to launch DDoS attacks, scrape confidential information or execute code that may degrade your system.
Kevin Beaumont, a security researcher, has had his honeypots (bait machines for hackers) attacked via the BlueKeep vulnerability. He discovered this when his systems crashed with BSODs, and he shared his crash dump reports on Twitter. Immediately, a security research group named Kryptos Logic analysed the issue and traced it to the exposure of port 3389, and thus to the BlueKeep vulnerability.
But there’s nothing to worry about, as they were all honeypots. After decoding the issue, they found that the attackers were just trying to implant code for cryptocurrency mining, probably Monero (as found by them). This incident isn’t an actual attack, but mere scanning done by attackers to find such vulnerable systems to hack. While a potential hack was stopped, it shows that attackers are successfully using the BlueKeep vulnerability, and they could soon use it for severe hacks once they master it.
Microsoft is fully aware of such attacks through RDP. Yet it continues to provide the service for users who need to communicate over the network. For users who want to stay secure, it always releases specific updates to safeguard them. Microsoft recommends disabling Remote Desktop Services if you’re not using them. Disabling such unused services can help reduce a user’s exposure to security vulnerabilities.
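To act on that recommendation, the PowerShell below reports whether Remote Desktop is enabled and listening on the local machine and can turn it off. It is an added example, not code from Microsoft or from the researchers mentioned above. The function name Test-RdpExposure is made up for illustration, and the firewall group name assumes an English-language Windows install and an elevated session.

```powershell
# Added example: audit the local Remote Desktop configuration and optionally disable it.
# Test-RdpExposure is a hypothetical name. Run from an elevated PowerShell session.
function Test-RdpExposure {
    [CmdletBinding(SupportsShouldProcess)]
    param([switch]$Disable)

    $tsKey  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
    $rdpKey = Join-Path $tsKey 'WinStations\RDP-Tcp'

    # fDenyTSConnections = 0 means incoming RDP connections are allowed.
    $deny = (Get-ItemProperty -Path $tsKey -Name fDenyTSConnections).fDenyTSConnections
    # The listener port is configurable; 3389 is only the default, so read it.
    $port = (Get-ItemProperty -Path $rdpKey -Name PortNumber).PortNumber
    # Is anything actually accepting connections on that port right now?
    $listening = [bool](Get-NetTCPConnection -LocalPort $port -State Listen -ErrorAction SilentlyContinue)
    # Enabled inbound firewall rules in the built-in group (assumes English display name).
    $fwRules = @(Get-NetFirewallRule -DisplayGroup 'Remote Desktop' -ErrorAction SilentlyContinue |
                 Where-Object { $_.Enabled -eq 'True' -and $_.Direction -eq 'Inbound' })

    # The report describes the state found before any change is made.
    $report = [pscustomobject]@{
        ComputerName     = $env:COMPUTERNAME
        RdpAllowed       = ($deny -eq 0)
        Port             = $port
        Listening        = $listening
        InboundFwRulesOn = $fwRules.Count
        TermService      = (Get-Service -Name TermService).Status
        DisabledNow      = $false
    }

    if ($Disable -and $report.RdpAllowed -and
        $PSCmdlet.ShouldProcess($env:COMPUTERNAME, 'Disable Remote Desktop')) {
        # Refuse new RDP connections and close the matching firewall openings.
        Set-ItemProperty -Path $tsKey -Name fDenyTSConnections -Value 1
        Disable-NetFirewallRule -DisplayGroup 'Remote Desktop'
        $report.DisabledNow = $true
    }
    $report
}

Test-RdpExposure                      # report only, changes nothing
# Test-RdpExposure -Disable -WhatIf   # preview the change without applying it
# Test-RdpExposure -Disable           # apply it on machines that do not need RDP
```

Machines that must keep RDP enabled still need the security updates Microsoft has released for this vulnerability.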