About a million Windows users could be at risk of a highly spreadable ransomware attack that experts fear could be as troubling as the 2017 WannaCry cyberattack.
Concerns surrounding the potential severity of BlueKeep have prompted Australia’s Cyber Security Centre and Microsoft to issue urgent warnings for users to update their operating systems.
Microsoft says any operating system earlier than Windows 8 is at risk, with internet security company AVG warning users to check if their operating system is ‘dangerously out of date’.
Microsoft alerted users to BlueKeep earlier this year, but has warned more than a million computers are still vulnerable.
The vulnerability involves a common Windows protocol, which can allow hackers to remotely take over a computer without any input from the machine’s owner.
The simplicity of BlueKeep means it can potentially hit thousands of computers.
Microsoft lists BlueKeep as a 9.8 out of 10 in threat severity, prompting its director of security to compare it to WannaCry.
In 2017, WannaCry hit Windows computers globally and resulted in more than 300,000 being infected with the ransomware worm.
That cybervirus spread rapidly to the point where the UK National Health Service and European telecommunications and automotive services were affected.
Australia’s Cyber Security Centre estimates WannaCry cost the global economy hundreds of millions in lost revenue and repair bills.
More than a year later MalwareBytes revealed WannaCry was still impacting thousands of Australian computer users and millions globally.
In 2018, it found 3388 cases of WannaCry on Australian systems but said globally that number was closer to three million computers.
The ACSC has joined Microsoft and the US Department of Homeland Security’s urgent push to get users to update their computers, saying anyone running Windows 8 or earlier should install the latest security patch as soon as possible.
They warn the pre-2008 Windows software vulnerability in the Remote Desktop Protocol (RDP) could result in a major global ransomware attack.
Microsoft says BlueKeep is able to ‘worm’ its way into computer systems with no owner interaction at all.
“With potentially millions of networks vulnerable, we’re now notifying smaller entities and owners and operators of businesses around Australia, of the need to patch your systems as soon as possible,” ACSC warned last month, adding BlueKeep has the potential for “significant, widespread harm around the world.”
“The BlueKeep vulnerability is readily available to cyber criminals who seek to exploit vulnerable systems en masse. These criminal groups are not necessarily targeting unsuspecting users; they’re simply sweeping the landscape for vulnerable, outdated systems that are easily penetrable.”
HOW TO PROTECT YOURSELF
Microsoft warns up to one million computers connected directly to the internet are vulnerable to BlueKeep.
The tech company is offering fixes for vulnerable operating systems, including Windows 7, Windows Server 2008 R2 and Windows Server 2008, and out-of-support systems including Windows 2003 and Windows XP. Windows 10 is not affected.
ACSC advises “patch, patch, patch, monitor your networks, and then patch some more.”
It advises vulnerable Windows users to deny access to Remote Desktop Protocol (RDP) directly from the internet and to use a VPN with multifactor authentication if internet-based access to RDP is required.
WHAT IF I IGNORE IT?
British cyber security firm Sophos released a video to show the severity of BlueKeep, stressing it can take over a computer without any authentication.
The Sophos video shows how hackers can easily get full control of a computer without needing to deploy malware.
The IT firm warns BlueKeep is highly ‘wormable’, meaning if hackers can successfully get into one system, they can then easily take over other systems.
Online security companies such as McAfee have also warned against BlueKeep in multiple blogs.
If you suspect your computer is at risk, visit Microsoft’s security portal here.
For more details on BlueKeep read the full ACSC warning here.