In more hacker news, which there seems to be a lot of this week, a team of researchers at McAfee discovered that hackers were selling credentials for security and building automation systems at a major unnamed international airport on the dark web for just $10.
The dark web contains online platforms that trade remote desktop protocol (RDP) access to hacked machines, “from which one can buy logins to computer systems to potentially cripple cities and bring down major companies,” according to McAfee’s report.
RDP is a protocol developed by Microsoft that allows users to access remote computers through a graphical interface. Unfortunately, RDP access can be bought for as cheap as 10 dollars.
Attackers look for systems that accept RDP connections and launch brute-force attacks to gain access – basically, a software tries passwords from password dictionaries and ones acquired from recent data breaches until it finds the right one. The so-called RDP shops have inventories from 15 to more than 40,000 RDP connections available for sale.
The unnamed airport used remote desktop protocol (RDP) to allow employees to work through specific computers from outside the local network. Credentials for the airport’s system were selling for 10 dollars at an RDP shop on the dark web. McAfee informed airport admin, which verified the credentials and then proceeded to resolve the issue.
More Facilities at Risk
McAfee’s report also noted that the airport wasn’t the only major facility with an RDP problem, claiming that several government systems were under the same threat, such as health care institutions, “from hospitals and nursing homes to suppliers of medical equipment.”