A number of trojan and malware attacks have hit Australia throughout October and November. Most notably, the BlueKeep and Emotet infections. An unpatched exploit is affecting PCs running old Windows software which has been colloquially dubbed BlueKeep. Although Microsoft security has released a patch for this exploit back in May, it’s estimated millions of PCs are still at risk. Furthermore, the impending end of life for Windows 7 means that similar attacks like BlueKeep could happen after Microsoft stops releasing cyber security patches early next year.
What is BlueKeep?
BlueKeep is a security vulnerability that was discovered in Microsoft’s Remote Desktop Protocol (RDP) implementation; making it possible for a hacker to remotely access a device unbeknownst to the user. The exploit is affecting devices running Windows XP and Windows 7, it is also affecting servers running Windows Server 2003, 2008 and 2008 R2.
At first, it appeared that BlueKeep could be used as a self-spreading worm similar to the 2017 WannaCry attacks. However, it has been discovered that BlueKeep is being used to mine cryptocurrency remotely on PCs around the world without the user ever knowing. This is more commonly referred to as ‘crypto-jacking’.
Devices running the affected versions of Windows can potentially be protected from the BlueKeep exploit by downloading the patch update released by Microsoft.
In this instance, Microsoft was able to detect the exploit early on and subsequently release a patch.
However, once Windows 7 reaches its ‘end of life’ status early next year, Microsoft will no longer release security patches for the operating system. An old and unpatched operating system is an ideal target for hackers. You can read more about the end of Windows 7 and the potential threats here.
Another form of malware also wreaked havoc in Australia late last month. Emotet is a malicious email campaign that has spread itself across multiple sectors of the Australian economy. The email generally contains a malicious word document or link that, once downloaded, installs the Emotet malware on infected machines. It attempts to spread itself within a network using a brute-force attack. Emotet will also ransack your contact list and then send emails impersonating you to your colleagues, friends, and family in hope that they too, will open the malicious document.
The Emotet trojan was also responsible for the ransomware attacks on regional hospitals in Victoria last month in which patient record systems and financial management systems were targeted.
Trickbot, a trojan which Emotet spreads uses the EternalBlue exploit. EternalBlue was linked to the WannaCry and NotPetya attacks in 2017 in which the majority of infected machines were running Windows 7 (98%).
Cybercrime: Quick Stats
- 1 in 3 Australian businesses have experienced some form of cybercrime or a cyberattack
- The average cost of a cyberattack to a business is $276,323
- The average time to recover from a cyberattack is 23 days. This increases to 51 days if the attack was from a malicious insider, employee or contractor.
Source: Cost of Cybercrime
Following the torrent of attacks that Australian businesses have faced in the last month, Traditional Antivirus is no longer enough to handle the level of sophistication of these new types of attacks. Milnsbridge will be introducing a Next Gen Antivirus solution in the following year called SentinelOne. Next Gen Antivirus is better equipped to detect and protect from cyberattacks. You can read more about SentinelOne and Next Gen Antivirus here.
Milnsbridge encourages our customers to upgrade to Windows 10 for better security and less of a chance of encountering a cyberattack.
Similarly, if your business is looking to upgrade to Windows 10 or is potentially unprotected from a cyberattack, call Milnsbridge Managed IT Services on 1300 300 293 to discuss our Managed Security solutions