BlueKeep attack discovery has done nothing to motivate businesses into patching systems

Thousands of vulnerable systems remain unpatched with news of the first attack barely changing trends

Businesses are generally apathetic to the Windows BlueKeep threat, even though the first "mass exploitation" of the infamous vulnerability was discovered in the wild last week.

The percentage of flawed systems has been falling more or less steadily over the last few months, according to experts. This trend has barely shifted despite widespread coverage of a cryptocurrency mining attack that was discovered by researchers recently.

BlueKeep is a 'wormable' remote code execution (RCE) vulnerability that allows attackers to gain the highest possible privileges on a Windows machine, with an attack capable of spreading across an entire network without intervention.

Warnings spread from security agencies across the world in the wake of BlueKeep's discovery, including from the National Cyber Security Centre (NCSC), but there has been a dearth of active exploits so far discovered in the wild.

Although the cryptocurrency mining attack discovered last week was described as 'amateur' and didn't include a wormable function, experts nevertheless warned that more sophisticated future attacks may now follow.

Advertisement - Article continues below
Advertisement - Article continues below

Analysis by researcher Jan Kopriva, however, shows businesses haven't been motivated to patch vulnerable systems any faster or slower than that at which they have already been updating systems.

"As we may see, the percentage of vulnerable systems seems to be falling more or less steadily for the last couple of months and it appears that media coverage of the recent campaign didn't do much to help it," Kopriva said.

"And since there still appear to be hundreds of thousands of vulnerable systems out there, we have to hope that the worm everyone expects doesn't arrive any time soon."

Kopriva scanned the Shodan search engine for systems vulnerable to BlueKeep attacks and then compared this against the number of all systems responding on port 3389. This mechanism produced an approximate percentage of unpatched systems connected to the internet, although it's far from exact.

The result was a steady decline in the proportion of vulnerable systems; a trend that has remained relatively unchanged since September, despite news spreading of the first BlueKeep attack last week.

Advertisement - Article continues below

The researcher who discovered BlueKeep, Kevin Beaumont, said in the wake of the attack's discovery that there may be swathes of systems that are simply never patched. He added that there would be global consequences if somebody were to make a wormable exploit.

Featured Resources

Digitally perfecting the supply chain

How new technologies are being leveraged to transform the manufacturing supply chain

Download now

Three keys to maximise application migration and modernisation success

Harness the benefits that modernised applications can offer

Download now

Your enterprise cloud solutions guide

Infrastructure designed to meet your company's IT needs for next-generation cloud applications

Download now

The 3 approaches of Breach and Attack Simulation technologies

A guide to the nuances of BAS, helping you stay one step ahead of cyber criminals

Download now

Most Popular

mergers and acquisitions

Xerox to nominate directors to HP's board – reports

22 Jan 2020
operating systems

17 Windows 10 problems - and how to fix them

13 Jan 2020
public sector

UK gov launches £300,000 SEN EdTech initiative

22 Jan 2020
web browser

What is HTTP error 503 and how do you fix it?

7 Jan 2020