To protect yourself from ongoing BlueKeep exploit attacks, Microsoft urges users with systems running Windows 7, Windows Server 2008, and Windows Server 2008 R2 to update their operating systems.

BlueKeep is a vulnerability with the ‘worm’ capability. This means that the malware can spread itself to other vulnerable computers on the network without additional input from the victim, making this type of malware particularly dangerous.

An example of the ‘worm’ malware is WannaCry, which was able to globally infect over 100 000 computers within a 24 hour period in 2017 due to its worm capability.

 

Ongoing BlueKeep Exploits

To detect malware on the internet, Cybersecurity professionals often set up ‘honeypots’ – decoy computers that are designed to study cyberattack methods by baiting attackers into infecting them with malware.

On October 23d, cybersecurity researcher Kevin Beaumond noticed that honeypots that he had set up around the world were crashing and rebooting themselves with increasing regularity. Hutchins, another cybersecurity researcher, confirmed that the reboots were caused by the BlueKeep exploit.

Upon further investigation, Hutchins also discovered that the BlueKeep exploit that was detected had the goal of installing a cryptomining malware on infected PCs. You can learn more about cryptomining in our article here.

 

What are steps that you can take to protect yourself?

Keep your system Updated

The most effective way of protecting yourself from BlueKeep exploits is by keeping your PC up-to-date. Security engineers are constantly detecting repairing security vulnerabilities in their software. It is essential that you download security patches from your software manufacturers in order to protect yourself from publicly known dangers.

Disable RDP

Remote Desktop Protocol (RDP) is a Windows feature that allows for a computer to remotely connect and control another PC. It is useful for IT management and remote troubleshooting, but can also be a security liability. BlueKeep exploits RDP in order to infiltrate PCs, so it is important to keep this feature turned off to protect yourself.

Don’t fall victim to cyberattack. We can help you protect your company from cyberattacks such as the BlueKeep. Call us at +1 888 366 4443 or email us at info@gige.ca to get started immediately.

A server computer acts as a central hub to any organization’s IT infrastructure. It is the core that all other computers are connected to, and stores and shares information among them. Much like personal computers, servers rely on operating systems and programs to carry out their functions. One of such software, called SMBv1, has been identified as a security vulnerability in today’s cyberworld.

SMBv1 is short for Server Message Block Version 1. It is a file sharing protocol developed in the 1980s, and was adopted by Microsoft in the 1990s as a method of sharing files across devices such as printers.

In 2008, the second version of the message block, SMBv2, was released alongside Windows Server 2008. Following this, version 3 was released in 2012 along with Windows Server 2012. Due to its age, SMBv1 was deemed obsolete by Microsoft in 2014.

While SMBv1 is no longer offered as preinstalled software in current Microsoft system offerings, it can still be installed onto current systems, as some old servers are still running on the software. However, Microsoft highly discourages this, as its age has caused it to become a security vulnerability. In fact, a critical vulnerability in SMBv1 had to be repaired with an emergency update on May 12^th, 2017 by Microsoft.

This was not the only SMBv1 incident in recent years. On September 13^th 2016, Microsoft had to release an emergency patch repairing a security vulnerability in its software which allowed cyberattackers to remotely execute code on computers running SMBv1. Three days later, Principle Program Manager Ned Pyle of Microsoft advised all users to upgrade away from SMBv1, after discovering that sensitive data could be stolen through it.

How do you protect yourself?

As has been demonstrated by numerous security incidents in the past few years, SMBv1 simply is not a secure protocol to be using in 2019. This is unsurprising as well, given that the software was written over 30 years ago. However, this highlights the importance of using computer software that is up-to-date, as lack of support will often result in security vulnerabilities that will leave your data unprotected. Do not fall victim to cyberattack. Call us at +1 888 366 4443 for more information on how to keep yourself safe!