The Microsoft Defender ATP Research Team has issued another warning to patch systems vulnerable to CVE-2019-0708 (BlueKeep), an unauthenticated remote code execution vulnerability in Remote Desktop Services. The warning followed fresh BlueKeep attacks detected on 2 November, in which vulnerable systems were successfully exploited without crashing and had a cryptocurrency miner installed. The cryptomining campaign targeted internet-facing RDP services in France, Russia, Italy, Spain, Ukraine, Germany and the UK. Microsoft has determined that the same threat group was also responsible for an earlier coin-mining campaign in October that used the BlueKeep exploit released for Metasploit. Microsoft expects attackers to further refine the BlueKeep exploit so that it delivers malicious payloads such as ransomware more reliably instead of crashing the target systems.
References: Microsoft Works with Researchers to Detect and Protect against New RDP Exploits