Researchers observed vulnerabilities being exploited in the wild between the end of October and the first days of November. On October 31, the Chrome team posted that a stable channel security update for the Windows, Mac, and Linux versions of Chrome would be rolled out over the following days to fix two use-after-free flaws, one in the audio component and one in PDFium, assigned CVE-2019-13720 and CVE-2019-13721 respectively. The U.S. Department of Homeland Security's Cybersecurity and Infrastructure Security Agency (CISA) released a statement advising users and administrators to apply the updates. Meanwhile, security researcher Marcus Hutchins, aka MalwareTech, reported that BlueKeep (CVE-2019-0708) was being actively used in a hacking campaign to install cryptocurrency-mining malware on unpatched systems. The campaign-related events were first noticed by Kevin Beaumont after his honeypot network crashed.
As November rolled in, initial reports showed a number of unpatched legacy systems becoming the targets of a campaign exploiting the Microsoft Remote Desktop Protocol (RDP) flaw BlueKeep. Despite security updates from Microsoft in May and a warning issued by the U.S. National Security Agency (NSA) in June, it is estimated that more than 500,000 systems remain unprotected against CVE-2019-0708, with exposed RDP ports being abused to install a malicious Monero miner. Tweets by Hutchins suggested that specific honeypots were targeted, and Beaumont later noted that activity related to the exploit had ceased. However, incidents like these should be taken seriously: the activity can be read as cybercriminals testing code that is still in development. While this instance of BlueKeep being used did not self-propagate, BlueKeep is a wormable flaw. Once successfully exploited, it can be used to install further malicious software, and researchers warn that it can also be used to spread to other internet-connected devices without valid credentials.
As reported in the Trend Micro midyear security roundup, malicious actors and persistent groups use these security gaps in organizations' systems as leverage for attacks and illicit profit. Reduce the attack surface that these vulnerabilities expose by following these best practices:
[InfoSec Guide: Remote Desktop Protocol (RDP)]
In addition, threats exploiting BlueKeep can be mitigated by the Trend Micro™ Deep Security™ and Vulnerability Protection solutions, which protect systems and users from threats targeting CVE-2019-0708 via this Deep Packet Inspection (DPI) rule: