KUALA LUMPUR, June 3 — A cyber security company today said tens of thousands of Malaysian computer users are vulnerable to a new cyber threat called BlueKeep, similar to the WannaCry malware that spread in 2017 and took control of private data.
Citing Microsoft’s advisory on BlueKeep Vulnerability this month and other online reports, Vigilant Asia said this meant nearly one million computers connected directly to the internet are vulnerable to the BlueKeep exploit.
“Vigilant Asia’s Threat Intelligence Team have found that over 13,500 computers are reachable via Remote Desktop Protocol (RDP) in Malaysia, out of which over 2,700 host computers are vulnerable to BlueKeep.
“The balance of 11,000+ may still not be safe; they could still be vulnerable if authentication is gained, which could be retrieved from internal network machines or by using brute force attacks.
“It only takes one vulnerable computer connected to the internet to provide a potential gateway into business networks, where advanced malware could spread, infecting computers across the enterprise,” it said in a statement.
The company warned that the situation could be worse for computer users whose systems have not been updated with the latest fixes, saying “any future malware may also attempt further exploitation of vulnerabilities that have already been fixed”.
Microsoft issued a second advisory this month on the BlueKeep vulnerability, urging computer users to update their systems to prevent a re-run of attacks like WannaCry and NotPetya.
Cyber Security Malaysia’s Malaysia Computer Emergency Response Team also issued an advisory about the BlueKeep vulnerability on June 1.
BlueKeep is a critical remote code execution vulnerability in Remote Desktop Services which affects older versions of the Microsoft Windows operating system — Windows 2000, XP, Vista, Windows 7, Windows Server 2008 and Windows Server 2008 R2.
The vulnerability stems from a “dangling pointer” bug in Remote Desktop Services, which helps provide a graphical interface for connecting to another computer over the Internet.
Successful hackers can use this to access targeted computers via a backdoor with no login, password or user interaction.
Vigilant Asia said organisations with machines running the affected Microsoft operating systems can protect themselves through several steps, including updating Windows, downloading the related patches, and taking assets with Remote Desktop Protocol off public internet services.
The WannaCry ransomware attack was a May 2017 worldwide cyberattack which affected some 200,000 computers across 150 countries, targeting computers by encrypting data and demanding ransom payments in Bitcoin.