Tech and security commentators have expressed their fears that a version of the BlueKeep malware (that’s been included in a commercial penetration testing toolkit) could prove to be dangerous if it falls into the wrong hands.
What Is BlueKeep?
BlueKeep is a kind of malware that can be deployed to exploit a vulnerability in older versions of the Windows operating system. The malware, which was discovered in May, is estimated to have already affected one million systems globally, and is, therefore, thought to have the potential to become a bigger threat than WannaCry (the ransomware from 2017 that affected 300,000 computers in 150 countries worldwide).
The vulnerability that BlueKeep uses is the Remote Desktop Protocol (RDP) and can affect Windows Vista, 7, XP, Server 2003 and Server 2008 operating systems. BlueKeep will not affect Windows 10.
BlueKeep is self-replicating, without the need for user interaction, and once an attacker has sent malware packets to an unpatched system where RDP is enabled the attacker is then able to perform several actions including adding user accounts, installing more malicious programs and changing data.
A patch was issued by Microsoft back in May for all supported Windows operating systems, Windows XP and Server 2003.
Version Commercially Available
Bearing in mind the threat to businesses and individual users posed by BlueKeep some tech and security commentators have expressed concern that a working version of BlueKeep has been released commercially by Immunity as part of its CANVAS penetration testing toolkit. Even though the price of the toolkit may deter purchases by potential attackers just to get their hand on BlueKeep, the fear still exists that this commercial release may be dangerous if it falls into the wrong hands.
Healthcare and Telecoms Systems Risk
Some security commentators have noted that older healthcare computer systems and the kind of end-customer systems that can’t be upgraded themselves that are used by telecoms companies may be at risk of being infected.
What Does This Mean For Your Business?
BlueKeep is a real threat for those businesses still using the older versions of the Windows operating system (Vista, 7, XP, Server 2003 and Server 2008). Although a patch has been issued, patching some business systems can be complicated and time-consuming, but businesses are advised to do so as soon as possible bearing in mind how quickly and easily BlueKeep has spread to date.
In addition to making sure Windows systems are patched and up to date, business IT administrators can also take precautions like disabling any unused and unneeded RDP services, blocking TCP Port 3389 and enabling network-level authentication in RDP services so that would-be attackers can be prevented from performing remote code execution without valid credentials.