Will BlueKeep Become WannaCry 2.0?

Brian Thomas | June 20, 2019 | tag: Cybersecurity

A little over a month ago, Microsoft discovered a software security vulnerability that could ultimately lead to one of the worst cybersecurity attacks since 2017’s infamous WannaCry ransomware incident.

Dubbed BlueKeep, the Remote Desktop Protocol (RDP) vulnerability is so potentially dangerous that both Microsoft and the National Security Agency (NSA) have issued advisories about its existence. Microsoft has written two blog posts on the topic, while the NSA has gone so far as to say that the terrorist organization ISIS is actively exploring ways to exploit BlueKeep. Meanwhile, the Department of Homeland Security is encouraging everyone to patch their systems now.

The commonalities between BlueKeep and WannaCry are troubling. Both are the result of RDP exploitations, the latter arising from the NSA’s EternalBlue, which was also tied to the Petya ransomware. Both are “wormable” exploits which can automatically propagate across systems without the need for user authentication or interaction.

Most troublesome, WannaCry spread because thousands of systems went unpatched. Several weeks after BlueKeep was discovered, close to one million systems with RDP exposed to the internet remain unpatched.


Perhaps one reason is that companies are not as diligent as they could be about monitoring the cyber posture of their supply chain partners. As we’ve written about before, supply chain visibility — or lack thereof — is a big problem, especially in an increasingly interconnected world.

Thanks to the global economy, organizations routinely work with vendors from all over the world, with vastly different expectations of security exposure. How can you be sure that these vendors and partners are routinely patching their systems to ensure that they’re protected against “wormable” vulnerabilities like BlueKeep and WannaCry? Sure, you could ask your suppliers if they’re doing their due diligence and practicing good security hygiene — and they may answer “yes” — but who knows if that’s really true?

You can take extra measures to ensure that these vendors are implementing precautions to protect their applications, but often these measures come with some drawbacks. You could demand that your vendors take remedial action, but you still need a way to prove that those actions occurred (“trust, but verify”). You could also go to extremes and disconnect the business entity from your network, but that can result in huge disruptions to your business.

Gaining visibility into your vendors’ security postures is a better approach. Third-party risk management should be about understanding where your partners’ vulnerabilities lie in real time so that you can work with them to target those vulnerabilities. You can then get a sense for which of your partners are serious about delivering solutions that are impervious to risk, allowing you to keep your supply chain clear and free from threat. Without visibility, you’ll run the risk of leaving your entry points open.

That’s precisely what organizations like ISIS and other groups are counting on. They understand that companies are busy and perhaps not paying as much attention to issues like BlueKeep as they should, despite all of the alarms that have been sounded. All they need is a single point of entry for an attack to spread like wildfire.

Right now, the companies that are most vulnerable to BlueKeep are in the telecommunications, education, and technology sectors. Imagine what could happen if an assailant were to use BlueKeep to gain a foothold in the nation’s communication grid.

Don’t give them the opportunity to launch an exploit. Don’t sit back and wait for malware to be detected, because it’s only a matter of time. Don’t take the chance of being an accidental party to financing a terrorist attack because bad actors were able to use the exploit to steal your financial data.

Instead, gain visibility into your supply chain. Close the potential entry points. Develop a plan and be prepared. Know that although no malware resulting from BlueKeep has been detected yet, it’s only a matter of time. Act now before BlueKeep evolves into WannaCry 2.0.

Visit our BlueKeep Resource Center to stay up to date on the latest news & BitSight research on the BlueKeep vulnerability and learn how you can protect yourself and your supply chain from this and other emerging risks.
