Weekly Comments

5 - 12 November 2019

Microsoft Defender ATP Research Team has issued another warning to patch systems vulnerable to BlueKeep.

Microsoft Defender ATP Research Team has issued another warning to patch systems vulnerable to CVE-2019-0708 (BlueKeep), an unauthenticated remote code execution vulnerability in Remote Desktop Services. The warning followed fresh BlueKeep attacks detected on 2 November, in which vulnerable systems were exploited without crashing and a cryptocurrency miner was installed on them. The cryptomining campaign has targeted internet-facing RDP services located in France, Russia, Italy, Spain, Ukraine, Germany and the UK. Microsoft has determined that the same threat group was also responsible for an earlier coin-mining campaign in October, which made use of the BlueKeep exploit module released for Metasploit. Microsoft expects attackers to keep refining the BlueKeep exploit so that it reliably delivers malicious payloads such as ransomware instead of crashing the target systems.
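The practical takeaway from the warning is an inventory question: which hosts still run an affected OS, accept RDP, and lack the fix? The script below is an added example written for this digest, not code from Microsoft or Ensign. It runs locally on one Windows host (PowerShell 3.0 or later, elevated) and reports whether that host is in the at-risk set. The KB identifiers it looks for are assumed from memory and must be checked against Microsoft's CVE-2019-0708 advisory for the exact build before relying on the result; the function name Test-BlueKeepExposure is my own.

```powershell
# Added example (not from the original digest): local CVE-2019-0708 exposure check.
# Assumptions: PowerShell 3.0+, run elevated on the host being assessed; the KB list
# below is assumed and should be verified against the Microsoft advisory for your build.

$bluekeepKbs = @(
    'KB4499175', 'KB4499164',   # Windows 7 SP1 / Server 2008 R2 (security-only / monthly rollup) - assumed
    'KB4499180', 'KB4499149',   # Windows Server 2008 SP2 / Vista - assumed
    'KB4500331'                 # Windows XP / Server 2003 out-of-band update - assumed
)

function Test-BlueKeepExposure {
    $os = Get-WmiObject Win32_OperatingSystem
    $result = [ordered]@{
        Host  = $env:COMPUTERNAME
        OS    = $os.Caption
        Build = [int]$os.BuildNumber
    }

    # Only Windows 7 SP1 / Server 2008 R2 (build 7601) and older are affected;
    # Windows 8 (build 9200) and later are not.
    $result.AffectedOsFamily = $result.Build -le 7601

    # Is Remote Desktop enabled? fDenyTSConnections = 0 means connections are allowed.
    $ts = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server' -ErrorAction SilentlyContinue
    $result.RdpEnabled = ($ts.fDenyTSConnections -eq 0)

    # Network Level Authentication requires a valid logon before the pre-auth code path
    # that BlueKeep abuses is reached, so it reduces (but does not replace) the patch.
    $rdpTcp = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp' -ErrorAction SilentlyContinue
    $result.NlaRequired = ($rdpTcp.UserAuthentication -eq 1)

    # Is the RDP listener actually bound? Port comes from the same key (default 3389).
    # netstat is used instead of Get-NetTCPConnection because the latter is absent on Windows 7.
    $port = if ($rdpTcp.PortNumber) { $rdpTcp.PortNumber } else { 3389 }
    $result.Listening = [bool](netstat -an | Select-String -Pattern ":$port\s+\S+\s+LISTENING")

    # Is any of the known fixes installed?
    $installed = Get-HotFix | Where-Object { $bluekeepKbs -contains $_.HotFixID } |
                 Select-Object -ExpandProperty HotFixID
    $result.PatchInstalled = [bool]$installed
    $result.PatchIds       = ($installed -join ',')

    # At risk = affected OS, RDP enabled, and no fix present. Whether the listener is
    # reachable from the internet is a perimeter question this local check cannot answer.
    $result.AtRisk = $result.AffectedOsFamily -and $result.RdpEnabled -and -not $result.PatchInstalled
    [pscustomobject]$result
}

Test-BlueKeepExposure | Format-List
```

Run it through your endpoint management tooling and collect the objects centrally; hosts where AtRisk is true and Listening is true, and which your firewall inventory shows with 3389 reachable from outside, are the ones the campaign described above is hitting. NlaRequired being false on an unpatched host is the worst combination, since nothing stands between an anonymous connection and the vulnerable code.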

References:

Microsoft Works with Researchers to Detect and Protect against New RDP Exploits
