BlueKeep attack discovery has done nothing to motivate businesses into patching systems

Thousands of vulnerable systems remain unpatched with news of the first attack barely changing trends

Businesses are generally apathetic to the Windows BlueKeep threat, even though the first "mass exploitation" of the infamous vulnerability was discovered in the wild last week.

The percentage of flawed systems has been falling more or less steadily over the last few months, according to experts. This trend has barely shifted despite widespread coverage of a cryptocurrency mining attack that was discovered by researchers recently.

BlueKeep is a 'wormable' remote code execution (RCE) vulnerability that allows attackers to gain the highest possible privileges on a Windows machine, with an attack capable of spreading across an entire network without intervention.

Warnings spread from security agencies across the world in the wake of BlueKeep's discovery, including from the National Cyber Security Centre (NCSC), but there has been a dearth of active exploits so far discovered in the wild.

Although the cryptocurrency mining attack discovered last week was described as 'amateur' and didn't include a wormable function, experts nevertheless warned that more sophisticated future attacks may now follow.

Analysis by researcher Jan Kopriva, however, shows businesses haven't been motivated to patch vulnerable systems any faster or slower than that at which they have already been updating systems.

"As we may see, the percentage of vulnerable systems seems to be falling more or less steadily for the last couple of months and it appears that media coverage of the recent campaign didn't do much to help it," Kopriva said.

"And since there still appear to be hundreds of thousands of vulnerable systems out there, we have to hope that the worm everyone expects doesn't arrive any time soon."

Kopriva scanned the Shodan search engine for systems vulnerable to BlueKeep attacks and then compared this against the number of all systems responding on port 3389. This mechanism produced an approximate percentage of unpatched systems connected to the internet, although it's far from exact.

The result was a steady decline in the proportion of vulnerable systems; a trend that has remained relatively unchanged since September, despite news spreading of the first BlueKeep attack last week.

The researcher who discovered BlueKeep, Kevin Beaumont, said in the wake of the attack's discovery that there may be swathes of systems that are simply never patched. He added that there would be global consequences if somebody were to make a wormable exploit.

Featured Resources

BCDR buyer's guide for MSPs

How to choose a business continuity and disaster recovery solution

Download now

The definitive guide to IT security

Protecting your MSP and your customers

Download now

Cost of a data breach report 2020

Find out what factors help mitigate breach costs

Download now

The complete guide to changing your phone system provider

Optimise your phone system for better business results

Download now

Recommended

TsuNAME vulnerability could enable DDoS attacks on major DNS servers
distributed denial of service (DDOS)

TsuNAME vulnerability could enable DDoS attacks on major DNS servers

7 May 2021
Security researchers take control of a Tesla via drone
ethical hacking

Security researchers take control of a Tesla via drone

5 May 2021
New report highlights the need for diversity in cyber security recruitment
cyber security

New report highlights the need for diversity in cyber security recruitment

28 Apr 2021
Hackers could abuse legitimate Windows AD FS to steal data
Microsoft Windows

Hackers could abuse legitimate Windows AD FS to steal data

28 Apr 2021

Most Popular

KPMG offers staff 'four-day fortnight' in hybrid work plans
flexible working

KPMG offers staff 'four-day fortnight' in hybrid work plans

6 May 2021
16 ways to speed up your laptop
Laptops

16 ways to speed up your laptop

29 Apr 2021
Qualcomm modem flaw puts millions of Android users at risk
Google Android

Qualcomm modem flaw puts millions of Android users at risk

6 May 2021