After news broke that hackers have begun leveraging the BlueKeep flaw to deliver cryptocurrency miners, software giant Microsoft has cautioned that the exploit could also be used to deliver more impactful and harmful payloads.

There is no proof that BlueKeep has been used to distribute ransomware or other types of malware, but the company believes it is only a matter of time before that happens.

Microsoft originally issued a security patch for the flaw on May 14, 2019, but that did not stop hackers from attacking it, particularly with a large number of systems remaining unpatched for months.

Kevin Beaumont, the security researcher who named the flaw, says recent attacks on his honeypots, which began on October 23, were targeting BlueKeep in a bid to drop a Monero miner.

Analysis has found that a BlueKeep Metasploit module released in September is being used in these new attacks.

Microsoft, however, says that some users have been protected from this string of attacks since early September, when a behavioral detection for the Metasploit module was made available to Microsoft Defender ATP customers.

The BlueKeep Metasploit module appears to be unstable, triggering many RDP-related crashes, and Microsoft used this information to track the attacks on vulnerable machines.

As a result, it observed an increase in the number of RDP service crashes from 10 to 100 per day, beginning on September 6, a rise in memory corruption crashes starting on October 9, and crashes on external researcher honeypots starting on October 23.

The collected data showed evidence that the same attacker possibly carried out another campaign in September aimed at delivering a coin miner.

“The new exploit attacks show that BlueKeep will be a threat as long as systems remain unpatched, credential hygiene is not achieved, and overall security posture is not kept in check. Customers are encouraged to identify and update vulnerable systems immediately,” Microsoft notes.
