Seqrite detects BlueKeep: A vulnerability targeting enterprises during RDP pre-authentication in Windows OS


Similar to the global WannaCry epidemic in 2017, BlueKeep allows cybercriminals to compromise systems without the user’s interaction and spread the infection to other vulnerable devices within the network.

Seqrite, a specialist provider of endpoint security, network security, enterprise mobility management and data protection solutions, has highlighted the growing threat presented by CVE-2019-0708, commonly known as BlueKeep. It is an RDP pre-authentication vulnerability affecting Windows OS, and cybercriminals and threat actors can exploit it to compromise systems without the user’s interaction.

What makes BlueKeep particularly frightening is the fact that it is ‘wormable’. Infected systems can be used to target other vulnerable machines within the enterprise network and can even move across networks to spread the infection at scale. This is similar to the method employed by cybercriminals during the global WannaCry epidemic in 2017. Researchers at Seqrite said that the exploit could affect healthcare products like radiography, X-ray and other imaging software that leverage Windows OS.

Another major point of concern is the fact that multiple PoCs exploiting BlueKeep have emerged since the vulnerability was patched by Microsoft. The exploit code for the vulnerability has also been added to the popular exploitation framework, Metasploit, with the module likely to be used by amateur hackers. This makes it easier for cybercriminals – both novices and experts – to carry out large-scale attacks on vulnerable host devices with their RDP ports open to the Internet.

Attacks exploiting BlueKeep have already been detected dropping the Monero cryptocurrency miner on vulnerable systems. Security experts at Seqrite have also analysed the telemetry data to highlight a surge in the number of such attacks; all attacks were successfully blocked by its wide range of enterprise security solutions.

Given the criticality and potential impact of the vulnerability, Seqrite advises all organisations to immediately apply the relevant patch. In case the patch cannot be applied, users can disable RDP access to devices from outside the organisation’s network. Machines which are hosted on the cloud should also be updated to only allow RDP access to whitelisted IPs.

About Seqrite:

Seqrite is the Enterprise Security solutions brand of Quick Heal Technologies Ltd. Launched in 2015, Seqrite solutions are defined by innovation and simplicity. A combination of intelligence, analysis of applications and state-of-the-art technology, Seqrite is designed to provide continuous and better protection for enterprise corporate customers. Seqrite’s portfolio of solutions includes Endpoint Security, Enterprise Mobility Management (EMM), Unified Threat Management (UTM), Secure Web Gateway (SWG) and data protection technologies like Encryption and Data Loss Prevention (DLP). In addition, Seqrite Services provides comprehensive cybersecurity consulting services to Corporates, PSUs, Government and Law Enforcement Agencies.

For more information, please visit: https://www.seqrite.com/

About Quick Heal Technologies Limited:

Quick Heal Technologies Limited is one of the leading providers of IT Security and Data Protection Solutions with a strong footprint in India and an evolving global presence. Incorporated in the year 1995, with a registered office in Pune, it is an all-round player in cybersecurity with a presence in B2B, B2G and B2C segments across multiple product categories – endpoints, network, data and mobility.

With its state-of-the-art R&D centre and deep intelligence on the threat landscape, Quick Heal helps in simplifying security by delivering the best in class protection against advanced cyber-attacks. Its portfolio includes solutions under the widely recognized brand names ‘Quick Heal’ and ‘Seqrite’ across various operating systems and devices.
