The recent attacks exploiting the BlueKeep vulnerability to deliver cryptocurrency miners caused some systems to crash due to a Meltdown patch being deployed on the targeted machines.
The BlueKeep vulnerability, officially tracked as CVE-2019-0708, affects Windows Remote Desktop Services (RDS) and it allows an unauthenticated attacker to execute arbitrary code by sending specially crafted Remote Desktop Protocol (RDP) requests. Microsoft released patches, including for unsupported versions of Windows, in May.
The BlueKeep attacks used an exploit based on a Metasploit module released in September. While the attackers attempted to deliver a Monero miner, the exploit caused many of the targeted systems to crash, which actually led to researchers discovering the attacks.
Researcher Sean Dillon, aka zerosum0x0, who is one of the developers of the BlueKeep Metasploit module, has conducted an analysis and determined that the exploit likely causes devices to crash due to the presence of a patch for the Intel CPU vulnerability known as Meltdown. Dillon said his BlueKeep exploit development setup did not have the Meltdown patch installed, which is why he did not observe the crashes.
The researcher has proposed a fix that should make the exploit more reliable. In the meantime, Kevin Beaumont, the expert whose honeypots caught the BlueKeep exploitation attempts, says he has deployed more sensors, including ones that have been configured to make exploitation more stable. However, he stopped seeing attacks three days ago.
Beaumont’s honeypots started crashing on October 23, but he only realized that the crashes were caused by BlueKeep exploitation attempts on November 2. After Beaumont reported seeing attacks, Microsoft admitted that it had started noticing an increase in RDP-related crashes right after the Metasploit module was released in September.
Microsoft has once again advised customers to install the patches and warned that the exploit will likely also be used to deliver more “impactful and damaging” payloads.
While Microsoft and many others were concerned that the BlueKeep vulnerability would be used to create a worm, similar to how the EternalBlue exploit was used by the WannaCry ransomware back in 2017, the recent attacks did not involve a self-propagation component.
However, Marcus Hutchins, aka MalwareTech, the British researcher who helped Microsoft and Beaumont analyze the BlueKeep attacks, pointed out that attackers do not need to create a worm to launch profitable attacks and users should not ignore the threat just because a worm has not been created.
“Most BlueKeep vulnerable devices are servers. Generally speaking, Windows servers have the ability to control devices on the network. Either they’re domain admin, have network management tools installed, or share the same local admin credentials with the rest of the network,” Hutchins explained.
“By compromising a network server, it is almost always extremely easy to use automated tooling to pivot internally (Ex: have the server drop ransomware to every system on the network),” the researcher added.
“The real risk with BlueKeep is not a worm. A worm is pointless and noisy. Once an attacker is on the network, they can do far more damage with standard automated tools than they could ever do with BlueKeep,” Hutchins said.
There are still roughly 700,000 systems that appear to be vulnerable to BlueKeep attacks and the fact that malicious actors have started exploiting the flaw in the wild does not appear to have had any positive impact on patching efforts. The SANS Institute’s Internet Storm Center reported that the media coverage of the recent attacks does not appear to have influenced the rate at which users patch their devices.
Source: BlueKeep Attacks Crash Systems Due to Meltdown Patch
Fusion Foundation, the non-profit organization building the next generation infrastructure for decentralized global finance, today announced its collaboration with Nimbus-T, a healthcare platform that provides secure identity management and authentication in the healthcare sector to prevent fraud, improve interoperability and preserve data integrity.
Nimbus-T will issue the NTC utility token on the Fusion blockchain to serve as the “gas” that supports transactions and data transfers on their application.
“We evaluated numerous blockchain projects to identify the best fit to support our development needs,” said Jose Bolanos, CEO of Nimbus-T. “We landed on Fusion because of its innovative feature set and unique interoperability solution.”
Fusion’s interoperability protocol known as Distributed Control Rights Management (DCRM) is currently being enhanced by a team of well-known cryptographers and is due to be unveiled later this year. The technology will enable Nimbus-T to connect with existing healthcare infrastructure and blockchain systems while empowering patients to maintain privacy and control over their health records and medical identities.
“Nimbus-T are introducing innovative new infrastructure to support patients and hospitals with data privacy and storage,” said Dejun Qian, Founder and CEO of Fusion. “We think this is a natural fit for blockchain technology and are excited to be part of the healthcare revolution.”
Nimbus-T’s patented technology empowers patients to create an encrypted QR code that can be used as a global healthcare identifier. The QR code can be stored on paper, mobile or ID card and manages all relevant patient information for medical documentation, genomic health, insurance information and more. The QR code will be registered and managed on the Fusion blockchain and distributed via the NTC token, enhancing security and facilitating fluid information transfer for Nimbus-T users.
Blockchain technology has the potential to transform health care, placing the patient at the center of the health care ecosystem and increasing the security, privacy, and interoperability of health data. This technology could provide a new model for health information exchanges (HIE) by making electronic medical records more efficient, disintermediated, and secure. While it is not a panacea, this new, rapidly evolving field provides fertile ground for experimentation, investment, and proof-of-concept testing.
What is blockchain and how can it provide opportunities for health care?
A blockchain powered health information exchange could unlock the true value of interoperability. Blockchain-based systems have the potential to reduce or eliminate the friction and costs of current intermediaries.
The promise of blockchain has widespread implications for stakeholders in the health care ecosystem. Capitalizing on this technology has the potential to connect fragmented systems to generate insights and to better assess the value of care. In the long term, a nationwide blockchain network for electronic medical records may improve efficiencies and support better health outcomes for patients.
What is blockchain?
At its core, blockchain is a distributed system recording and storing transaction records. More specifically, blockchain is a shared, immutable record of peer-to-peer transactions built from linked transaction blocks and stored in a digital ledger. Blockchain relies on established cryptographic techniques to allow each participant in a network to interact (e.g. store, exchange, and view information), without preexisting trust between the parties. In a blockchain system, there is no central authority; instead, transaction records are stored and distributed across all network participants. Interactions with the blockchain become known to all participants and require verification by the network before information is added, enabling trustless collaboration between network participants while recording an immutable audit trail of all interactions.
Blockchain as an enabler of nationwide interoperability
The Office of the National Coordinator for Health Information Technology issued a shared nationwide interoperability roadmap, which defines critical policy and technical components needed for nationwide interoperability, including:
- Ubiquitous, secure network infrastructure
- Verifiable identity and authentication of all participants
- Consistent representation of authorization to access electronic health information, and several other requirements.
However, current technologies do not fully address these requirements, because they face limitations related to security, privacy, and full ecosystem interoperability.
Implementation challenges and considerations
Blockchain technology presents numerous opportunities for health care; however, it is not fully mature today nor a panacea that can be immediately applied. Several technical, organizational, and behavioral economics challenges must be addressed before a health care blockchain can be adopted by organizations nationwide.
Shaping the blockchain future
Blockchain technology creates unique opportunities to reduce complexity, enable trustless collaboration, and create secure and immutable information. HHS is right to track this rapidly evolving field to identify trends and sense areas where government support may be needed for the technology to realize its full potential in health care. To shape blockchain’s future, HHS should consider mapping and convening the blockchain ecosystem, establishing a blockchain framework to coordinate early-adopters, and supporting a consortium for dialogue and discovery.
Source: Blockchain: Opportunities for health care | Deloitte US
Hackers are targeting app stores from the likes of Apple and Google with malicious cryptocurrency apps to steal money and personal data, according to a study. Researchers at cybersecurity firm RiskIQ analyzed more than 18,000 apps to detect ones that are blacklisted by cybersecurity vendors. They found 661 blacklisted cryptocurrency apps across 20 app stores, including Apple’s App Store, Google Play and others.
Cryptocurrency platform OKCoin is planning to launch a bitcoin exchange in South Korea as soon as next month, a move that comes as the country’s government is considering whether to shut down cryptocurrency exchanges altogether.
Beijing-based OKCoin, which previously ran one of the biggest bitcoin exchanges in China before the government there banned cryptocurrency exchanges on the mainland, now plans to branch out to South Korea, another Asian hot spot for crypto trading. It has launched an OKCoin Korea website and has accepted preorder registrations from more than 150,000 people since Friday. The exchange intends to make some 60 digital coins available for trading.
Japan is the global leader in the market development of cryptocurrencies, recently a global buzzword, some of which have seen their values skyrocket over the past year.
As of Jan. 15, the yen accounts for 56.2 percent of bitcoin, or BTC, the most popular cryptocurrency, according to coinhills.com. The yen is followed by U.S. dollars at 28.4 percent, while all others account for 15.4 percent. The Chinese yuan used to account for the largest share until January 2017, but dropped after the state imposed strict restrictions on cryptocurrency trading.