There is no shortage of malicious actors looking to prey on individuals who do not take cyber security seriously.
Proving this fact, internet security researchers from Flashpoint have shed light on prominent dark web marketplaces where hackers can get access to computer systems around the globe.
This is made possible by weak passwords that are used to access Remote Desktop Protocol (RDP) services.
In a blog post detailing their findings, Flashpoint researchers revealed that RDP access to desktop PCs are going for as low as $3 on darknet markets.
This type of access enables hackers to spy on organizations without the difficulties associated with using malware.
Cybercriminals operating on the dark web can acquire sensitive information from organizations in various sectors such as education, healthcare, government and even retail.
RDP is a proprietary protocol from Microsoft that provides the user with a graphical interface to connect to other computers via a network connection. The protocol is often used to access virtual desktops and remote management systems.
These reports raise a lot of concerns for one reason. If access to RDP can be compromised, hackers can easily gain access into corporate networks.
This leaves many organizations vulnerable to data breaches, espionage and other forms of damaging cyber attacks.
For the malicious actors operating on the dark web, this is a great opportunity for gains. For this reason, the sale of remote access credentials has increased on darknet markets and forums.
The vendors are currently offering access to tens of thousands of PCs for the surprisingly low price of $3 for a Windows XP system and $9 for a Windows 10 system.
This means that a good number of hackers with the right passwords can gain remote access to a network without detection from the victim.
Researchers from Flashpoint state that the hackers employ brute force cyber attacks against computer systems with weak passwords.
Lax cybersecurity practices are allowing thousands of credentials to fall into the hands of malicious actors.
An underground marketplace known as Ultimate Anonymity Services (UAS) is among the most popular vendors selling access to RDPs. UAS was launched in early 2016 and currently indexes more than 35,000 RDP credentials in a number of countries.
The RDP credentials can be used to access several Windows operating systems ranging from Windows XP to Windows 10.
The cybercriminals behind UAS make posts in English and Russian and do not sell credentials tied to Russian and Baltic accounts.
The researchers at Flashpoint came across thousands of RDP credentials for systems in China (7,200), India (3,000), Spain (1,300), Brazil (6,100) and Colombia (900) that were offered for sale.
The United States was also affected with hundreds of RDP credentials tied to systems mainly in California, Virginia and Ohio.
The price tags of RDP access credentials were dependent on the location and operating system. However, the prices could increase to a maximum of $15.
This was the case if hackers needed information regarding the open ports on the system and the date the credentials were acquired.
While UAS is the most popular dark web market selling remote access credentials, it is not the only one.
A competitor forum known as xDedic is also selling RDP credentials for as low as $10, but some credentials were going for $100.
Remote access to systems can be very dangerous since the victim is often unaware that they have been compromised. The hackers purchasing these credentials can monitor networks, access files and install malicious software on the systems.
Organizations are advised to enforce strong cybersecurity policies that include regular monitoring and network security audits.
Users must implement strong passwords in order to prevent exploitation of RDP through brute force cyber attacks.
It is expected that cyber attacks of this nature will increase as more hackers become aware of the incredibly low price tags on remote access credentials.
Latest posts by Richard (see all)
- Dark Web Hacker Offers Spy Services for $50 - November 16, 2017
- Russian Dark Web Forum Selling GIBON Ransomware - November 13, 2017
- Update Now – Critical TorMoil Vulnerability Found in Tor Browser - November 10, 2017