Cybersecurity specialist Kevin Beaumont has recorded an attempt to exploit the vulnerability CVE-2019-0708, known as BlueKeep. Attackers are using it to mine the Monero cryptocurrency, and exploitation of the bug could potentially lead to a repeat of the WannaCry ransomware "epidemic".
huh, the EternalPot RDP honeypots have all started BSOD’ing recently. They only expose port 3389. pic.twitter.com/VdiKoqAwkr
— Kevin Beaumont (@GossiTheDog) November 2, 2019
Beaumont discovered the exploitation attempts after several systems that he had configured as honeypots were triggered.
The use of BlueKeep to mine Monero was also confirmed by Marcus Hutchins, the cybersecurity expert who managed to stop the spread of the WannaCry virus in May 2017.
It looks like a #BlueKeep worm has finally arrived! Kevin kindly sent me a crash dump and after some investigation I found BlueKeep artifacts in memory and shellcode to drop a Monero Miner. //t.co/7G88YAW5lr
— MalwareTech (@MalwareTechBlog) November 2, 2019
According to experts, the malware is not yet capable of spreading by itself: the attackers identified the most vulnerable systems and then attacked them.
Many experts consider BlueKeep a serious threat to cybersecurity since the vulnerability affects several versions of Windows at once.
In May 2019, Microsoft released a patch to fix the bug. However, according to BitSight, as of July 2 the number of systems vulnerable to BlueKeep still exceeded 800 thousand.
At the moment, attempts to exploit the bug have stopped, Beaumont noted.
The honeypot in Australia pic.twitter.com/7UMR6ZtfQq
— Kevin Beaumont (@GossiTheDog) November 3, 2019
The damage from the massive cyberattack on computers using the WannaCry virus exceeded $1 billion.