
Government login credentials are for sale on the Dark Web

Did you know that entire online identities are up for grabs on the Dark Web for cheap? Stolen accounts include Netflix, Uber, Spotify and Airbnb logins (all yours for the low price of $10 each), email accounts like Gmail and Yahoo (as low as $1) and social media accounts (around $2 each).

However, these are not the only items that are up for grabs within the shady corners of the internet. The Dark Web also has a thriving underground market for drugs, money laundering, hacking software and cybercrime activity.

In fact, aside from personal information, hackers and black market peddlers are also setting up shop selling some of the most potent pieces of hacking information out there – computer remote access credentials for companies and government facilities!

Read on and let’s explore why these types of stolen information can put us all in grave danger.

But what is the Dark Web exactly? Click below and listen as Kim Komando breaks it down for you in this two-part podcast episode:

A scary problem

Cybersecurity researchers from McAfee’s Advanced Threat Research team have recently discovered a frightening fact – hackers are selling U.S. government remote access credentials on the Dark Web for as little as $10.

These credentials can then be used to gain access to the computer systems of key facilities like airports, hospitals, and other government facilities remotely via RDP.

Image Credit: McAfee

As you may well know, Windows’ Remote Desktop Protocol (RDP) is a tool for viewing and controlling a PC remotely, including from outside the local network.

The majority of the issues stem from the use of weak RDP passwords on these networks, allowing hackers to use “brute-force” attacks to steal the credentials. Note: Brute-force is an attack technique where countless variations of character combinations are entered in search of a password match.

Cheap RDP Credentials

In their investigation, McAfee found that various Dark Web RDP specialty shops are selling these connections in bulk. Among the ones for sale are remote access credentials to various government institutions like health care facilities and hospitals.

According to McAfee, the RDP shops peddle systems ranging from Windows XP through Windows 10, with Windows 2008 and 2012 Server as the most abundant systems.

“Prices ranged from around U.S. $3 for a simple configuration to $19 for a high-bandwidth system that offered access with administrator rights,” McAfee’s John Fokker wrote in a blog post.

Image Credit: McAfee

Airport credentials

Some of the most critical credentials found were the passwords for the security and building automation systems of an unnamed major international airport. The price tag for these? A paltry $10.

Thankfully, after being informed by McAfee, the airport’s admins verified the credentials and resolved the issue. As you can probably imagine, the consequences of an RDP attack on a critical facility like an airport can be disastrous.

McAfee’s team noted that RDP logins like these can cripple cities or even bring down major companies when used by malicious actors.

How do hackers steal these credentials?

McAfee stated that these attackers can simply scan the internet with a tool like Shodan for vulnerable systems that accept RDP connections. Once a target is found, they then launch brute-force dictionary attacks with tools such as Hydra, NLBrute or RDP Forcer to get access to the system.

Once the hackers successfully break in, they don’t actually do anything. They simply record the credentials, add them to their inventory and then put them up for sale on the Dark Web.

Buyers can, of course, use these credentials to infiltrate a target system and carry out all sorts of malicious activity, like data theft, ransomware installation or cryptocurrency mining. Since these hackers can have total control of the remote computer, anything is possible.

How to protect against RDP hacks

The best solution to this growing problem is to have computer system administrators make sure that they’re properly securing their remote access systems.

It doesn’t matter if a computer has the latest and greatest security software installed; if a system can be taken over remotely due to weak RDP credentials, then it’s game over.

To protect your computer or network from RDP attacks, here are some suggestions you can employ:

  • Have a lockout and blocking policy for IPs that have too many failed login attempts. This should stop brute-force attacks.
  • Do not allow RDP access over the open internet, where it’s exposed to scanners.
  • Administrators must regularly check logs for unusual login attempts.
  • Keep a checklist of all the local and remote systems that are connected to the network.
  • Use two-factor authentication whenever possible.
  • Always use long, unique and complex passwords, and change them regularly.
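The first and third suggestions above (an IP lockout policy and regular log review for unusual login attempts) can be turned into a simple check. The script below is an added example written for this article, not code from McAfee or from the Komando team. It assumes failed and successful logon events (Windows Security log event IDs 4625 and 4624, with their logon type, target user and source IP) have already been exported into the list form shown; the sample events themselves are constructed and the IP addresses are documentation ranges, not real hosts. It flags any source IP that crosses a failure threshold inside a time window, reports which usernames were tried, and then looks for a successful RDP logon from a flagged IP, which is the sign that a brute-force run found a valid credential and the account must be treated as compromised.

```python
"""Spot RDP brute-force attempts in exported Windows Security log events.

Added example for this article (not McAfee's or Komando's code). Events are
assumed to be exported as (time, event id, logon type, user, source ip)
tuples; the sample rows below are constructed.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta

FAILED_LOGON = 4625    # "An account failed to log on"
SUCCESS_LOGON = 4624   # "An account was successfully logged on"
# Logon type 10 = RemoteInteractive (RDP). With Network Level Authentication
# enabled, RDP pre-auth failures are commonly recorded as type 3 (Network).
RDP_LOGON_TYPES = {3, 10}

# Constructed sample: one source hammering several accounts, one normal user
# with a single typo, then a success from the hammering source.
SAMPLE_EVENTS = [
    ("2018-06-01T02:00:00", 4625, 10, "Administrator", "198.51.100.23"),
    ("2018-06-01T02:00:04", 4625, 10, "Administrator", "198.51.100.23"),
    ("2018-06-01T02:00:09", 4625, 10, "admin", "198.51.100.23"),
    ("2018-06-01T02:00:13", 4625, 10, "admin", "198.51.100.23"),
    ("2018-06-01T02:00:18", 4625, 10, "user", "198.51.100.23"),
    ("2018-06-01T02:00:22", 4625, 10, "Administrator", "198.51.100.23"),
    ("2018-06-01T02:01:00", 4625, 10, "jsmith", "203.0.113.5"),   # one typo
    ("2018-06-01T02:01:10", 4624, 10, "jsmith", "203.0.113.5"),   # legitimate
    ("2018-06-01T02:05:00", 4624, 10, "Administrator", "198.51.100.23"),
]


def load_events(rows):
    """Turn exported rows into dicts with parsed timestamps."""
    return [
        {"time": datetime.fromisoformat(t), "id": i, "logon_type": lt,
         "user": u, "src_ip": ip}
        for t, i, lt, u, ip in rows
    ]


def find_bruteforce(events, threshold=5, window=timedelta(minutes=10)):
    """Return {src_ip: info} for sources with >= threshold RDP failures
    inside any window. 'blocked_at' is when a lockout policy with these
    parameters would have blocked the IP; 'failures' is the total seen."""
    recent = defaultdict(deque)      # per-IP timestamps inside the window
    total = defaultdict(int)
    users = defaultdict(set)
    flagged = {}
    for ev in sorted(events, key=lambda e: e["time"]):
        if ev["id"] != FAILED_LOGON or ev["logon_type"] not in RDP_LOGON_TYPES:
            continue
        ip = ev["src_ip"]
        q = recent[ip]
        q.append(ev["time"])
        total[ip] += 1
        users[ip].add(ev["user"])
        while q and ev["time"] - q[0] > window:   # slide the window forward
            q.popleft()
        if len(q) >= threshold and ip not in flagged:
            flagged[ip] = {"blocked_at": ev["time"]}
    for ip, info in flagged.items():
        info["failures"] = total[ip]
        info["users"] = sorted(users[ip])
    return flagged


def successes_after_block(events, flagged):
    """Successful RDP logons from a flagged IP at or after its block time.
    Each hit means the guessing worked: reset that account's password and
    review what the session did."""
    hits = []
    for ev in sorted(events, key=lambda e: e["time"]):
        info = flagged.get(ev["src_ip"])
        if (info and ev["id"] == SUCCESS_LOGON
                and ev["logon_type"] in RDP_LOGON_TYPES
                and ev["time"] >= info["blocked_at"]):
            hits.append((ev["src_ip"], ev["user"], ev["time"].isoformat()))
    return hits


if __name__ == "__main__":
    events = load_events(SAMPLE_EVENTS)
    flagged = find_bruteforce(events)
    for ip, info in flagged.items():
        print(f"{ip}: {info['failures']} failures, users tried "
              f"{info['users']}, would be blocked at {info['blocked_at']}")
    for ip, user, when in successes_after_block(events, flagged):
        print(f"ALERT: {ip} logged on as {user} at {when} after being flagged")
```

On a real host the same tuples can be pulled from the Security log (for example with Get-WinEvent filtered on IDs 4624 and 4625 and the IpAddress, LogonType and TargetUserName fields of each event). The threshold and window should match the lockout policy actually enforced, so the script doubles as a check that the policy would have fired when it should.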
