Why the telecoms industry is particularly vulnerable to BlueKeep

The industry's exposure far exceeds any other, but it's not down to incompetence

The telecoms industry is considerably more vulnerable to the Windows BlueKeep exploit five months after its discovery than any other sector, according to new research.

BlueKeep is a remote code vulnerability discovered in May 2019 that affected nearly all versions of Windows and, if exploited, would give an attacker the highest possible privileges on a system.

Advertisement - Article continues below

The vulnerability was so severe that Microsoft released a security patch for it, including an out-of-band update for several versions of Windows that have gone end of life, such as Windows XP which hasn't received a security update since 2014.

Since the Department of Homeland Security and individuals in the private sector developed working exploits of the BlueKeep vulnerability, businesses have been scrambling to update their systems, but according to research from BitSight, over 800,000 systems still remain vulnerable representing just a 17% reduction in vulnerable systems since May.

The researchers said  progress has been made across all the industries included in the study, but that telecoms is far more exposed than any sector, with more than 30% of systems still vulnerable to BlueKeep compared to education, the next most at risk area, at just over 5%.

BitSight attributed the huge discrepancy to the fact that "telecommunications companies usually host end-customer systems that they cannot upgrade themselves, which may explain the higher ratio for this industry sector".

Advertisement
Advertisement - Article continues below
Advertisement - Article continues below

"Telecommunications and education [industries] often provide transit services and thus many of the issues affecting those industries are on systems of their customers," the research read. "Residential networks are included as part of the telecommunication industry while in education, the largest group typically represents students."

The industries most responsive when mitigating the vulnerability include the legal, insurance and financial services, all of which were the least vulnerable to BlueKeep in the first place.

The education sector experienced the most significant reduction in industry-wide vulnerability, as evidenced by the table above, but it still languishes behind nearly every other type of organisation.

It was also revealed that China is the country with the most vulnerable systems, closely followed by the US.

"China showed the highest absolute improvement by reducing the number of exposed vulnerable systems by 109,670 which represents a 23.9% decrease," read the report. "The United States followed suit by showing 26,787 fewer vulnerable systems exposed, representing a 20.3% decrease."

"However, there were a number of other countries that saw an increase in the number of exposed systems," the report added. "Most notably was South Korea showing an increase of 3,430 vulnerable exposed systems, a 14.5% increase, and Estonia with 146, a 32.2% increase."

Featured Resources

Preparing for long-term remote working after COVID-19

Learn how to safely and securely enable your remote workforce

Download now

Cloud vs on-premise storage: What’s right for you?

Key considerations driving document storage decisions for businesses

Download now

Staying ahead of the game in the world of data

Create successful marketing campaigns by understanding your customers better

Download now

Transforming productivity

Solutions that facilitate work at full speed

Download now
Advertisement

Recommended

Visit/security/ransomware/356292/university-of-california-gets-fleeced-by-hackers-for-114-million
ransomware

University of California gets fleeced by hackers for $1.14 million

30 Jun 2020
Visit/security/cyber-security/356289/australia-announces-135b-investment-in-cybersecurity
cyber security

Australia announces $1.35 billion investment in cyber security

30 Jun 2020
Visit/cloud/cloud-security/356288/csa-and-issa-form-cybersecurity-partnership
cloud security

CSA and ISSA form cyber security partnership

30 Jun 2020
Visit/business/policy-legislation/356215/senators-propose-a-bill-aimed-at-ending-warrant-proof-encryption
Policy & legislation

Senators propose a bill aimed at ending warrant-proof encryption

24 Jun 2020

Most Popular

Visit/mobile/google-android/356373/over-2-dozen-additional-android-apps-found-stealing-user-data
Google Android

Over two dozen Android apps found stealing user data

7 Jul 2020
Visit/laptops/29190/how-to-find-ram-speed-size-and-type
Laptops

How to find RAM speed, size and type

24 Jun 2020
Visit/cloud/356260/the-road-to-recovery
Sponsored

The road to recovery

30 Jun 2020