The vast majority of companies are more exposed to cyberattacks than they have to be. To close the gaps in their security, CEOs can take a cue from the US military. Once a vulnerable IT colossus, it is becoming an adroit operator of well-defended networks. One key lesson of the military’s experience is that while technical upgrades are important, minimizing human error is even more crucial. Mistakes by network administrators and users — failures to patch vulnerabilities in legacy systems, misconfigured settings, violations of standard procedures — open the door to the overwhelming majority of successful attacks.
There are few things more nightmarish to a CSO or CIO than a bad actor gaining remote access to their organization’s networked devices. Microsoft’s Remote Desktop Protocol (RDP) has long been a prime target for hackers because it provides direct access to a device or server through a graphical interface. The advent of BlueKeep makes having any unpatched RDP servers connected to the Internet particularly dangerous. BlueKeep, if exploited, not only gives attackers access to the server running RDP but also makes it possible for them to “worm” into other connected systems. It’s critical for organizations to understand their complete Internet attack surface, including any exposed RDP instances or other critical exposures.
It’s official — a successful exploit of BlueKeep has been spotted in the wild. Since Microsoft first warned the public about the Remote Desktop Protocol (RDP) vulnerability BlueKeep, security professionals and researchers have been waiting to see a documented case of bad actors taking advantage of the vulnerability. And on November 2, security researcher Kevin Beaumont revealed that cryptominers were crashing his network of honeypots by exploiting BlueKeep. Microsoft has confirmed this information.