After an experience shared by Kevin Beaumont earlier this month, Microsoft, along with Marcus Hutchins, has studied the scope of hacks possible with the BlueKeep vulnerability.
The Microsoft Defender Advanced Protection Team has detailed in its blog the continued exploitation of the BlueKeep vulnerability and urged all Windows users to install the new security patch immediately.
Microsoft concluded that the coin mining campaign that took place in September this year used the same command-and-control infrastructure as October's BlueKeep Metasploit campaign, which indicates that both attacks were attempted by the same attacker. Although this did not result in systems crashing or being hacked, the attackers were observed trying very hard to install a cryptocurrency coin miner.
What Do Attackers Do?
Not all attackers intend to hack your systems and ask for a ransom. Some do their work (earn) by using your resources without your permission. Attackers, in this context, use the BlueKeep vulnerability to try downloading a few PowerShell scripts, which finally drop a cryptocurrency mining payload that uses your computer's resources to mine cryptocurrencies and send them to the attackers. Pretty good, right?
Protect Or Shut.
Though no severe attacks have happened to date, Microsoft believes that the BlueKeep vulnerability can be used for huge attacks in the near future.
Along with Microsoft, Raymond's Security Research Team too believes that BlueKeep exploits, if improved, will be a threat as long as systems remain unpatched, credential hygiene is not achieved, and overall security posture is not kept in check.
If you are not able to defend your systems, Microsoft recommends shutting down the RDP port that gives rise to this vulnerability in order to stay secure.