The First BlueKeep Mass Hacking Is Finally Here—but Don’t Panic
Threat actors are actively exploiting BlueKeep, a critical flaw that affects Remote Desktop Protocol (RDP) implementations on older, unpatched Windows operating systems. Microsoft and other companies have warned that the flaw, tracked as CVE-2019-0708, is very dangerous because attackers could use it to carry out a massive attack involving a worm, i.e. self-replicating malicious code, just like the 2017 global WannaCry outbreak.
So far, the attacks exploiting BlueKeep have not been as dangerous as feared. Threat actors are exploiting the flaw to install cryptojacking malware on vulnerable machines. The malware is designed to use the processing power of infected devices to mine for cryptocurrency. Marcus Hutchins of Kryptos Logic said that while “BlueKeep has been out there for a while now [..] this is the first instance where I’ve seen it being used on a mass scale.” According to Jake Williams of Rendition Infosec, the current campaign “hasn’t hit critical mass yet.” Williams says that he has “seen a spike [of attacks], but not the level I’d expect from a worm.”