While we all like to think we’re reasonably vigilant with security on our devices, we tend to be lulled into a false sense of security if we haven’t been affected for a while. So here’s something that should snap you back to attentive: A new cyberworm, called BlueKeep, is shaping up to be one of the worst mass cyber attacks since WannaCry. Yikes.
With WannaCry garnering a lot of attention over the last few days, it's easy to forget that the root cause of the damage it wreaked is still out there. The vulnerability it exploited was a weakness in Windows' file-sharing protocol. And while the threat of WannCry has been largely contained, if the vulnerability, dubbed EternalBlue by the NSA, remains unpatched, it can be exploited by others. And that's something being identified in the wild.Read more
What is BlueKeep?
BlueKeep, or CVE-2019-0708, is a cyberworm, which means it can replicate its malware to infect other computers. Microsoft provided an update in May and its Detection and Response Team (DART) issued a further warning about BlueKeep back in August.
Devices most vulnerable to the cyberworm are Windows 7, Windows Server 2008 R2 and Windows Server 2008 while later version, like Windows 8 and 10, are unaffected. Despite the Windows being outdated, Microsoft suspects about 400,000 devices around the world are still vulnerable. Even Windows 2003, Windows XP and Vista users will receive the patch in an unusual move from Microsoft showing how concerned it is.
It’s being described as similar to the devastating WannaCry ransomware, which replicate and infect multiple computers within a short timeframe. Microsoft has said it’s costed one company $US300 million ($434 million) in damages.
Has it hit Australia yet?
While there aren’t any known cases, Australian Signals Directorate (ASD) has issued a warning. ASD’s Australian Cyber Security Centre (ACSC) estimates around 50,000 devices in Australia could be affected by BlueKeep unlesss they’re patched up urgently.
“In simple terms, an unpatched system gives criminals a front door to break into your network and steal your corporate and customer information,” ACSC’s Rachel Noble said.
“Patching may require you to restart your computers but this is a small price to pay when the risk of a compromise occurring could harm your business and its customers.”
It said it had already notified “governments and critical infrastructure operators across Australia.”
How do I protect my device?
The first and most obvious step is patch your affected computer right now. If you have Windows 7, Windows 2008 R2 and Windows 2008, head to Microsoft and download the latest patch and install it straight away. If you have Windows 2003 or XP, there’s a separate bunch of patches to install from here. For Vista users, check out these patches.
In terms of general vigilance, ACSC recommends denying access to Remote Desktop Protocols (RDP) from the internet or using a VPN if you have to use RDPs for anything. To set that up, University of California, Berkeley offers a breakdown to help you ensure things are more secure.
We regret to inform you that the latest Windows 10 updates continue to be downright pests. This time, there are reports of some users receiving the rightfully ominous-sounding, Blue Screen of Death (BSOD) after updating. Here's what you should do.Read more