After news broke that cybercriminals have started leveraging the BlueKeep vulnerability to deliver cryptocurrency miners, Microsoft has warned that the exploit will likely also be used to deliver more “impactful and damaging” payloads.
While there is no evidence that BlueKeep has been exploited to distribute ransomware or other types of malware, Microsoft believes it’s only a matter of time before it happens.
The assaults, first detailed several days ago, were attempting to deliver cryptocurrency mining malware by exploiting a vulnerability in the Windows Remote Desktop Services (RDS) tracked as CVE-2019-0708, but better known as BlueKeep.
Microsoft initially released a security patch for the vulnerability on May 14, 2019, but that did not stop cybercriminals from targeting it, especially with hundreds of thousands of systems remaining unpatched months after the fix was published.
Kevin Beaumont, the security researcher who named the security flaw, says recent attacks on his honeypots, which started on October 23, were targeting BlueKeep in an attempt to drop a Monero miner.
An analysis performed together with British researcher Marcus Hutchins (aka MalwareTech) has revealed that a BlueKeep Metasploit module that was released in September is being leveraged as part of these new attacks.
According to Microsoft, however, some users have had protection from this wave of assaults since early September, when a behavioral detection for the Metasploit module was rolled out to Microsoft Defender ATP customers.
The BlueKeep Metasploit module appears unstable, causin ..
Support the originator by clicking the read the rest link below.
