While Australians were sleeping, someone on the other side of the world opened an email attachment. That was all it took.
Within hours, the virus unleashed by that unwitting person had leapt from one computer network to another, crossing continents to infect more than 230,000 computers in at least 100 countries.
The virus was indiscriminate, hitting everything from French car manufacturers and German railways to Russian banks, from ATMs in India and hospitals in the UK to a mall in Singapore, causing billions of dollars of damage globally.
That was 2017. If we are not careful, it could also be 2019 – only this time instead of 230,000 infections, it might be as many as a million.
A software vulnerability discovered in Microsoft Windows could be used to execute a global ransomware attack similar to the devastating WannaCry attack of two years ago.
Microsoft has already issued a patch for the bug, but many systems are still believed to be at risk.
Are you at risk?
The vulnerability, known as BlueKeep, is in Microsoft’s Remote Desktop Protocol, a tool for users to access their systems remotely.
Older and legacy versions of Windows, including Windows 7, Windows XP, Windows Vista, and Windows Server 2008, are at risk. Windows 8 and Windows 10 are not affected.
Cybercriminals could use BlueKeep to break into systems and execute code remotely, for example, to install programs such as ransomware or keyloggers or to access and steal data.
This vulnerability is especially dangerous because it is “wormable”, meaning that cybercriminals could use it to spread malware from one vulnerable computer system to another.
Microsoft was first alerted to the BlueKeep flaw by the UK’s National Cyber Security Centre earlier this year.
Microsoft publicly disclosed it in May, at the same time as they released a patch for the bug. Months later, however, at least a million systems are believed to still be unpatched and vulnerable, with potentially many more on corporate networks also at risk. And that has cybersecurity experts around the world extremely worried.
Government agencies including the US’s National Security Agency and Department of Homeland Security, the UK’s National Cyber Security Centre and the Australian Cyber Security Centre have all issued warnings about the seriousness of this vulnerability and urged users to patch their systems.
Microsoft itself has given multiple warnings and has even taken the very unusual step of providing a patch for end-of-life versions of Windows such as Windows XP.
Is this really WannaCry 2.0?
For people in the cybersecurity sector, this is all alarmingly familiar.
The circumstances are remarkably similar to the beginnings of the WannaCry attacks.
The WannaCry ransomware worked by exploiting a vulnerability called EternalBlue. Like BlueKeep, EternalBlue was a critical vulnerability that allowed criminals to completely control their victims’ computers.
Like BlueKeep, a patch for EternalBlue was made available months before the crippling ransomware attacks took place, but many users simply did not patch their systems. This meant that when the WannaCry ransomware was unleashed, it was able to infect hundreds of thousands of computer networks and spread around the globe in just a matter of hours.
It would be a mistake to think that the risk from BlueKeep is less serious because it mainly affects older versions of Windows.
Many organisations with networks that are difficult to patch, such as hospitals, emergency services dispatch systems and even financial institutions, run on older Windows systems.
A November 2018 study on ATM security found that more than half were still running on Windows XP, for example.
- Read more: Hacked? Here’s what to do next
What can you do to protect yourself?
As yet, there have been no publicly acknowledged malware attacks using BlueKeep, but it is only a matter of time.
Cybersecurity company GreyNoise has observed unknown actors using Tor (a web browser used to anonymise traffic and for accessing the dark web) to scan the internet for systems vulnerable to BlueKeep.
Multiple researchers, including from the US Department of Homeland Security and antivirus company McAfee, have developed proof-of-concept exploits for BlueKeep, confirming that it is possible to use the vulnerability in a malware attack.
There should be no doubt that cybercriminals are already at work developing their own exploits for BlueKeep, and unlike the legitimate researchers, their interest is not academic.
BlueKeep is a ticking time bomb, but the good news is there’s still time to defuse it. If you are running an older Windows system – Windows 2000, Vista, XP, Windows 2003, Windows 2008 or Windows 7 – you can go here to install the patches and keep your system safe.
It’s not just about home computers, either.
If you run a business, or if you think your work might be using an older Windows system, make sure that gets patched too.
WannaCry was a disruptive, painful and very expensive reminder of why cybersecurity matters, and how just a few missed computer updates can end in catastrophe.
With BlueKeep looming on the horizon, it’s time to prove we learned our lesson – and avoid letting history repeat itself.
Elise Thomas is a freelance writer and a security researcher with the Australian Strategic Policy Institute