Today, cyber threats know no borders. Mexico, like any other country, is exposed to a range of threats and adversaries: cybercriminals, hacktivists, insider threats, cyber espionage, and many others. These adversaries can exploit various types of vulnerabilities, both technical and procedural, technological and human. Sometimes they exploit 0-day vulnerabilities, i.e. those that are known only to a small group of adversaries and for which there is no security patch from the manufacturer yet. These vulnerabilities are particularly dangerous because, since they are unknown, system administrators can do very little to prevent their exploitation.

However, in very many other cases, the vulnerabilities exploited by cybercriminals are already known, sometimes even old, and remain unpatched because, for various reasons, the affected systems have not been updated. According to Shodan, one of the main exposure surface analysis engines, Mexico alone has more than 1000 servers vulnerable to BlueKeep exposed to the Internet.

BlueKeep is a software vulnerability, identified as CVE-2019-0708, that affects older versions of Microsoft Windows, specifically the operating system's Remote Desktop Protocol (RDP), and allows arbitrary remote code execution. It was detected in May 2019 and has been exploited on a massive scale by various threat actors to gain full control over the server, which, more often than not, then serves as a pivot point to compromise the rest of the organization’s network. It is highly probable that many of those 1000 servers, representing Mexican organizations, are already compromised.