Researchers have recorded the first mass attempts to exploit an RCE vulnerability in Windows.

Cybersecurity experts have reported the first mass attempts to exploit the high-profile RCE vulnerability in Windows in order to mine cryptocurrency on vulnerable systems.

The vulnerability in question is CVE-2019-0708 (BlueKeep), for which Microsoft released a patch in May this year.

The flaw allows an attacker to execute arbitrary code and seize control of the device by sending specially crafted requests to Remote Desktop Services; no user interaction is required. The bug affects Windows 2003, XP, Windows 7, Windows Server 2008 and 2008 R2, and poses a serious danger because it can be used to carry out attacks like WannaCry and NotPetya. As of July 2, 2019, the number of systems affected by the BlueKeep vulnerability exceeded 805,000 devices.

The first attempts to exploit this vulnerability were recorded by researcher Kevin Beaumont on Saturday, November 2, when several of his honeypot systems suddenly crashed and rebooted.

“Huh, the EternalPot RDP honeypots have all started BSOD’ing recently. They only expose port 3389”, wrote Kevin Beaumont on Twitter.

After analyzing the data shared by Beaumont, information security expert Michael Hutchins, known for temporarily halting the WannaCry epidemic in May 2017, confirmed attempts to exploit the bug for Monero cryptocurrency mining.

“Kevin Beaumont kindly shared the crash dump with us and following this lead, we discovered the sample was being used in a mass exploitation attempt. Due to only smaller size kernel dumps being enabled, it is difficult to arrive at a definite root cause”, reported Michael Hutchins.

According to him, the exploit used contains encrypted PowerShell commands that download the final malicious module from a remote server and execute it on the attacked systems. According to the VirusTotal service, the attacks use malware for mining the Monero cryptocurrency.


As the researcher noted, the malware has no ability to spread itself and cannot move from computer to computer. Apparently, the attackers first scan the network for vulnerable systems and then exploit them. There is currently no data on the number of systems compromised in the recent attacks.
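Because the attackers described here scan for exposed RDP and then exploit only the systems that are still vulnerable, a defender has two cheap checks: spot a single source sweeping many hosts on TCP/3389 in firewall logs, and rank the internal inventory by whether a host runs one of the affected Windows versions, is still unpatched, and exposes RDP. The following is an added example, not code from the article or from the researchers it quotes; the log line format, the inventory fields (`bluekeep_patched`, `rdp_internet_exposed`) and the sweep threshold are assumptions, and all sample data is constructed.

```python
"""Detect RDP sweeps in firewall logs and rank hosts by BlueKeep exposure.

Added example (not from the original article). Log format, inventory
schema and threshold are assumptions; sample data is constructed.
"""
from collections import defaultdict

RDP_PORT = 3389

# Versions named in the article as affected by CVE-2019-0708.
AFFECTED_VERSIONS = (
    "Windows 2003",
    "Windows XP",
    "Windows 7",
    "Windows Server 2008 R2",
    "Windows Server 2008",
)

# Constructed firewall log, one record per line: "timestamp src dst dport action".
# 203.0.113.7 touches six different hosts on 3389 (a sweep);
# 192.168.1.50 reconnects to one host (a normal admin session).
SAMPLE_LOG = """\
2019-11-02T10:00:01Z 203.0.113.7 10.0.0.1 3389 DENY
2019-11-02T10:00:01Z 203.0.113.7 10.0.0.2 3389 DENY
2019-11-02T10:00:02Z 203.0.113.7 10.0.0.3 3389 ALLOW
2019-11-02T10:00:02Z 203.0.113.7 10.0.0.4 3389 DENY
2019-11-02T10:00:03Z 203.0.113.7 10.0.0.5 3389 DENY
2019-11-02T10:00:03Z 203.0.113.7 10.0.0.6 3389 DENY
2019-11-02T10:00:05Z 192.168.1.50 10.0.0.3 3389 ALLOW
2019-11-02T10:00:06Z 192.168.1.50 10.0.0.3 3389 ALLOW
2019-11-02T10:00:07Z 198.51.100.9 10.0.0.3 443 ALLOW
"""

# Constructed asset inventory; the two boolean fields are assumed to come
# from patch management and the perimeter firewall configuration.
INVENTORY = [
    {"host": "dc01", "os": "Windows Server 2008 R2", "rdp_internet_exposed": True, "bluekeep_patched": False},
    {"host": "ws12", "os": "Windows 7", "rdp_internet_exposed": False, "bluekeep_patched": False},
    {"host": "web01", "os": "Windows Server 2016", "rdp_internet_exposed": True, "bluekeep_patched": True},
    {"host": "legacy", "os": "Windows XP", "rdp_internet_exposed": True, "bluekeep_patched": True},
]


def parse_line(line):
    """Split one constructed log record into a dict."""
    ts, src, dst, dport, action = line.split()
    return {"ts": ts, "src": src, "dst": dst, "dport": int(dport), "action": action}


def rdp_sweepers(log_text, min_hosts=5):
    """Return {src: [distinct dst, ...]} for sources that contacted at least
    min_hosts different destinations on TCP/3389. Denied attempts count too:
    the sweep itself is the signal, not whether the packet got through."""
    targets = defaultdict(set)
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = parse_line(line)
        if rec["dport"] == RDP_PORT:
            targets[rec["src"]].add(rec["dst"])
    return {src: sorted(d) for src, d in targets.items() if len(d) >= min_hosts}


def is_affected_version(os_name):
    """True if the OS string starts with one of the affected version names."""
    return any(os_name.startswith(v) for v in AFFECTED_VERSIONS)


def bluekeep_risk(inventory):
    """Map host -> 'critical' (affected, unpatched, RDP on the internet),
    'high' (affected, unpatched, internal only) or 'ok'."""
    risk = {}
    for item in inventory:
        if not is_affected_version(item["os"]) or item["bluekeep_patched"]:
            risk[item["host"]] = "ok"
        elif item["rdp_internet_exposed"]:
            risk[item["host"]] = "critical"
        else:
            risk[item["host"]] = "high"
    return risk


if __name__ == "__main__":
    for src, hosts in rdp_sweepers(SAMPLE_LOG).items():
        print(f"RDP sweep from {src}: {len(hosts)} hosts")
    for host, level in bluekeep_risk(INVENTORY).items():
        print(f"{host}: {level}")
```

The threshold of five distinct hosts is deliberately low for the tiny sample; on real perimeter logs it should be tuned per time window, and the "ok" bucket still deserves a look for hosts whose OS string does not match any known version.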

“It is curious that this publicly known wormable vulnerability, known to everyone who would care to know for at least six months, took this long to get detectably weaponized. One might theorize that attackers know they have essentially one shot at using it at scale, and it becomes a game of chicken as to who will do it first”, wrote Michael Hutchins.

He also noted that mass exploitation of the vulnerability for profit could be difficult because of the associated risks, and that he had not seen a surge in random scanning of vulnerable ports, as happened when EternalBlue spread across the Internet in what is now known as the WannaCry attack.

About the author

Valdis Kok

Security engineer, reverse engineering and memory forensics