Cybercriminals use the BlueKeep remote code vulnerability for encryption hijacking

According to Bleeping Computer, security researcher Kevin Beaumont has noticed that several honeypots in his EternalPot RDP honeypot network have crashed and restarted. These honeypots have been active for nearly half a year, and this is the first time they have seen this. Researchers say the malware that led to this may not be a worm, but it is exploiting the BlueKeep remote code execution vulnerability in Windows Remote Desktop Services on a large scale. This suggests that cybercriminals are using a BlueKeep scanner to discover vulnerable systems exposed on the web and install cryptocurrency mining software onto these systems.