BlueKeep attack discovery has done nothing to motivate businesses into patching systems

Thousands of vulnerable systems remain unpatched with news of the first attack barely changing trends

Businesses are generally apathetic to the Windows BlueKeep threat, even though the first "mass exploitation" of the infamous vulnerability was discovered in the wild last week.

The percentage of flawed systems has been falling more or less steadily over the last few months, according to experts. This trend has barely shifted despite widespread coverage of a cryptocurrency mining attack that was discovered by researchers recently.

BlueKeep is a 'wormable' remote code execution (RCE) vulnerability that allows attackers to gain the highest possible privileges on a Windows machine, with an attack capable of spreading across an entire network without intervention.

Warnings spread from security agencies across the world in the wake of BlueKeep's discovery, including from the National Cyber Security Centre (NCSC), but there has been a dearth of active exploits so far discovered in the wild.

Although the cryptocurrency mining attack discovered last week was described as 'amateur' and didn't include a wormable function, experts nevertheless warned that more sophisticated future attacks may now follow.

Analysis by researcher Jan Kopriva, however, shows businesses haven't been motivated to patch vulnerable systems any faster or slower than that at which they have already been updating systems.

"As we may see, the percentage of vulnerable systems seems to be falling more or less steadily for the last couple of months and it appears that media coverage of the recent campaign didn't do much to help it," Kopriva said.

"And since there still appear to be hundreds of thousands of vulnerable systems out there, we have to hope that the worm everyone expects doesn't arrive any time soon."

Kopriva scanned the Shodan search engine for systems vulnerable to BlueKeep attacks and then compared this against the number of all systems responding on port 3389. This mechanism produced an approximate percentage of unpatched systems connected to the internet, although it's far from exact.

The result was a steady decline in the proportion of vulnerable systems; a trend that has remained relatively unchanged since September, despite news spreading of the first BlueKeep attack last week.

The researcher who discovered BlueKeep, Kevin Beaumont, said in the wake of the attack's discovery that there may be swathes of systems that are simply never patched. He added that there would be global consequences if somebody were to make a wormable exploit.

Featured Resources

The complete guide to changing your phone system provider

Optimise your phone system for better business results

Download now

Simplify cluster security at scale

Centralised secrets management across hybrid, multi-cloud environments

Download now

The endpoint as a key element of your security infrastructure

Threats to endpoints in a world of remote working

Download now

2021 state of IT asset management report

The role of IT asset management for maximising technology investments

Download now

Recommended

Wisconsin Republican Party allegedly loses $2.3 million to hackers
hacking

Wisconsin Republican Party allegedly loses $2.3 million to hackers

30 Oct 2020
What is hacktivism?
hacking

What is hacktivism?

13 Oct 2020
Microsoft: Iranian hackers are exploiting ZeroLogon flaw
Security

Microsoft: Iranian hackers are exploiting ZeroLogon flaw

6 Oct 2020
The Ritz suffers data breach after hackers pose as staff
data breaches

The Ritz suffers data breach after hackers pose as staff

17 Aug 2020

Most Popular

Do smart devices make us less intelligent?
artificial intelligence (AI)

Do smart devices make us less intelligent?

19 Oct 2020
Best MDM solutions 2020
mobile device management (MDM)

Best MDM solutions 2020

21 Oct 2020
What is Neuralink?
Technology

What is Neuralink?

24 Oct 2020