• News
  • Security
  • Products
  • About Seqrite
Seqrite Blog Blog
  • News
  • Security
  • Products
  • About Seqrite
Home  /  Cryptocurrency • Malware  /  BlueKeep Attacks seen in the wild!
08 November 2019

BlueKeep Attacks seen in the wild!

Written by Sameer Patil
Sameer Patil
Cryptocurrency, Malware
Estimated reading time: 2 minutes

CVE-2019-0708, popularly known as BlueKeep, is a RDP pre-authentication vulnerability which allows attacker to compromise a vulnerable system without user’s interaction. This exploit is also wormable, meaning that it can spread to other vulnerable systems in a similar way as the WannaCry malware spread across the globe in 2017. Interestingly, healthcare products like radiography, X-ray and other imaging software of various healthcare vendors running on Windows OS are also affected by the BlueKeep exploit.

Since the time this vulnerability was patched by Microsoft, multiple PoCs exploiting it have emerged in public. In September, exploit code for this vulnerability was added in the popular exploitation framework, Metasploit. Chances are that, script kiddies would jump on this Metasploit module to carry out large scale attacks on vulnerable hosts with RDP port open to Internet. Recently, few sources reported that attackers are exploiting this vulnerability for dropping Monero cryptocurrency miner on the unpatched vulnerable machines. We saw an uptick in the detections for these attacks in our telemetry as well. Here is the OS-wise distribution of BlueKeep attacks we blocked in last 6 months.

Fig. 1: OS-wise distribution of BlueKeep attacks blocked by Quick Heal in last 6 months

Considering the criticality of this vulnerability, it’s advised to patch it immediately. If applying patches is not an option for some reasons, users are advised to follow these best practices related to RDP:

  1. Disable RDP access from outside Organization/Company network.
  2. For machines hosted on cloud, allow RDP access to whitelisted IPs only.

Quick Heal blocks the attacks for this exploit with the following IPS Signatures:

  • Remote Desktop Services RCE Vulnerability CVE-2019-0708
  • RDP/CVE-2019-0708.UN!SP.34961

 Previous PostThe importance of cybersecurity for satellite communications
Next Post  The past, present and future of cybersecurity
Sameer Patil
About Sameer Patil

Sameer Patil is part of the IPS team in Quick Heal. He has 4 years of experience working in different security products and architectures. His interest lies in...

Articles by Sameer Patil »

Related Posts

  • Malware-as-a-service: Cybercrime’s nine-to-five

    Anyone, even you, can carry out cyberattacks with the Malware-as-a-Service model

    October 30, 2020
  • Masslogger’s malice imposes spying and keylogging in businesses.

    MassLogger: An Emerging Spyware and Keylogger

    July 31, 2020
  • Snake ransomware stings to spread its venom in the veins of enterprise networks.

    Snake Ransomware brings impending doom to enterprise networks

    July 10, 2020

No Comments

Leave a Reply.Your email address will not be published.

Cancel reply

CAPTCHA Image
Refresh Image

Popular Posts

  • Turn the Page: Cybersecurity Predictions for 2021 & beyond Turn the Page: Cybersecurity Predictions for 2021 & beyond February 18, 2021
  • The Data breach inferno burning big-ticket businesses The Data breach inferno burning big-ticket businesses February 5, 2021
  • Pharma Sector needs to streamline its insides to avoid cyberattacks Pharma Sector needs to streamline its insides to avoid cyberattacks February 12, 2021

Featured Authors

  • Seqrite
    Seqrite

    Follow us for the latest updates and insights related to security for...

    Read more..
  • Viraj Talikotkar
    Viraj Talikotkar

    Viraj is a Lead Technical Writer at Quick Heal Technologies. He is always on...

    Read more..
  • Sanjay Katkar
    Sanjay Katkar

    Sanjay Katkar is the Joint Managing Director and Chief Technology Officer of...

    Read more..

Latest Posts

  • Businesses now worried about the surge in COVID-19 infodemic

    Businesses now worried about the surge in COVID-19 infodemic

    February 26, 2021
  • Turn the Page: Cybersecurity Predictions for 2021 & beyond

    Turn the Page: Cybersecurity Predictions for 2021 & beyond

    February 18, 2021
  • Pharma Sector needs to streamline its insides to avoid cyberattacks

    Pharma Sector needs to streamline its insides to avoid cyberattacks

    February 12, 2021

Stay Updated!

Topics

Antivirus For Linux (10) apt (9) BYOD (9) COVID-19 (10) Cyber-attack (31) cyber-attacks (56) cyberattacks (12) Cybersecurity (279) cyber security (25) Cyber threat (29) cyber threats (44) Data (11) data breach (50) data breaches (27) data loss (28) data loss prevention (33) data protection (21) data security (13) DLP (49) Encryption (16) endpoint security (102) Enterprise security (14) EPS (9) Exploit (12) firewall (11) hackers (9) IoT (10) malware (58) malware attack (22) malware attacks (12) MDM (25) mobile device management (9) Network security (18) Patch Management (12) phishing (16) Ransomware (56) ransomware attack (29) ransomware attacks (30) ransomware protection (12) Seqrite (24) Seqrite Encryption (27) Seqrite EPS (33) Seqrite Services (16) UTM (34) Vulnerability (10)

Products

  • Endpoint Security (EPS)
  • Seqrite Encryption Manager
  • Seqrite Endpoint Security Cloud
  • Cloud Security
  • Seqrite mSuite
  • Seqrite MobiSMART
  • Unified Threat Management
  • Seqrite Secure Web Gateway
  • Antivirus for Server
  • Antivirus for Linux

Resources

  • White Papers
  • Datasheets
  • Threat Reports
  • Manuals
  • Case Studies

About Us

  • Company Overview
  • Leadership
  • Why choose SEQRITE?
  • Awards & Certifications
  • Newsroom

Archives

  • By Date
  • By Category

© 2020 Quick Heal Technologies Ltd. (Formerly Known as Quick Heal Technologies Pvt. Ltd.) Cookie Policies Privacy Policies

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website.
By browsing this website, you agree to our cookie policy.