Posted on July 8, 2019 at 3:45 PM
The danger of malware, and ransomware in particular, is greater than ever. Those in need of proof need only remember the desperate situation the world had to endure in 2017, when WannaCry spread across the globe over the course of a single weekend. More than 100 countries were affected, with hundreds of thousands of computers falling victim to the ransomware.
WannaCry attacked anyone and anything it could reach, from carmakers in France to railways in Germany, from Indian ATMs to Russian banks, and UK hospitals in particular. It even hit a mall in Singapore. After the crisis had passed, all that remained was billions of dollars' worth of damage on a global level.
Now the world finds itself in similar danger once again, only this time the number of infected devices could potentially surge by as many as five times, or more, resulting in over a million infected devices.
The new vulnerability: BlueKeep
The new danger stems from a newly discovered Windows vulnerability, which could lead to another global ransomware attack. Luckily, Microsoft identified the danger early on and issued a patch, but those who have not applied it to their devices could still be in danger.
Researchers have taken to calling the new vulnerability BlueKeep. The flaw is in Microsoft's Remote Desktop Protocol, a tool that allows users to access their systems remotely. Most Windows versions, apart from Windows 8 and 10, are at risk, including Windows XP, Windows 7, Windows Vista, as well as Windows Server 2008.
Researchers have confirmed that the vulnerability can be used by hackers who want to break into other people's systems and even execute code, including keyloggers as well as ransomware. Furthermore, the flaw is wormable, which means that it can be used to spread malware from one vulnerable device to others.
The flaw was discovered earlier this year by the UK's National Cyber Security Centre, which alerted Microsoft and gave it time to create a patch. Microsoft then revealed the flaw to the public in May, after releasing the patch.
Why is this still a threat?
Although the patch has been out for nearly two months now, around one million systems still have not had it applied. This puts them all at risk, especially now that hackers know of the flaw as well. Entire corporations could be at risk, as even some of the largest firms often neglect their security and ignore updates and patches.
The danger is massive, and it has experts around the world alarmed. Even the US NSA, as well as the Department of Homeland Security, have issued a warning regarding the flaw. The Australian Cyber Security Centre did the same, and so did the UK's National Cyber Security Centre. Meanwhile, Microsoft itself published several warnings, even going as far as to release a patch for Windows XP, a system so old that it barely sees any updates these days.
At this point, the situation looks quite grim. There are more than a few similarities to the situation prior to the WannaCry attack, when a vulnerability known as EternalBlue was discovered. Despite the patches being issued, many ignored them and later became victims of the ransomware. Now history is repeating itself, and over a million devices remain unsecured.
So far, there have been no reports of attacks that use the BlueKeep flaw. However, researchers believe that it is only a matter of time before the reports start piling up. One security firm, known as GreyNoise, reported that unknown entities are using the anonymity tool Tor to scan the internet for unpatched systems.
Some companies, such as McAfee Antivirus, and even the US Department of Homeland Security, have already created proof-of-concept exploits for the flaw. They confirmed that the vulnerability could be exploited in a malware attack.
The fact is that not only home computers are in danger, but also those used by businesses, whether small or large. It is high time that the world took this issue seriously and secured its devices, or ransom messages might start appearing on computer screens once more.