Dark Web marketplaces are selling remote access to desktop PCs for as little as $3, allowing criminals to spy on firms without resorting to malware.
Tech Pro Research
The sale of remote access credentials is allowing attackers to steal data from organisations in healthcare, education, government, retail, and other sectors.
In Window PCs, Microsoft's Remote Desktop Protocol (RDP) allows individuals to remotely connect to that computer over a network, and is normally used to access virtual desktops, and for the remote management of systems.
But if attackers can compromise access to RDP, it can provide an easy way into a corporate network, opening the door for espionage, data breaches, and more.
As a result, RDP access credentials are increasingly being sold on the Dark Web and underground forums, where merchants offer access to tens of thousands of computers for as little as $3 for a Windows XP system to $9 for Windows 10.
With the right password, hackers can remotely access a network without the victim knowing they're there.
Researchers at Flashpoint have been monitoring prominent criminal marketplaces that sell RDP details and have found access to systems around the world are up for sale. Often, brute force attacks against systems with poor passwords will allow these credentials to fall into criminal hands.
One of the most popular underground stores selling access is 'Ultimate Anonymity Services'. Founded in early 2016, UAS offers over 35,000 RDP credentials for sale in a variety of countries and for a variety of Windows operating systems, from Windows XP to Windows 10.
The gang behind the store makes posts in Russian and English, and like many Eastern European-based operations, it doesn't sell credentials of Russian or Baltic accounts. However, the rest of the world is fair game, and researchers found thousands of RDP details for computers in China, Brazil and India for sale on UAS.
See also: Cyberwar: A guide to the frightening future of online conflict | Ransomware: An executive guide to one of the biggest menaces on the web | How the Dark Web works
UAS also offers hundreds of RDP credentials for targets across the United States - mostly focused around Virginia, Ohio and California.
Related coverage
Hackers snag a $1 laptop by exploiting flaw in point-of-sale systems
Missing authorization checks in point-of-sale systems let hackers manipulate the price of goods at the checkout.
ATM malware available online for only $5,000
Malware which forces ATMs to hemorrhage cash has been discovered for sale on the Dark Web at an unfortunately accessible price.
READ MORE ON CYBERCRIME
- The Dark Web is the place to go to find bugs before public disclosure
- Russian hackers are selling British officials' passwords [CNET]
- Cybercrime Inc: How hacking gangs are modeling themselves on big business
- Underground market selling details of compromised servers in 173 countries
- Report: The US government has a massive footprint on the darknet [TechRepublic]
- Governments and nation states are now officially training for cyberwarfare: An inside look
- Video: The impending cybersecurity disaster of industrial control systems
- Devastating attacks to public infrastructure 'a matter of when' in the US
- Understanding the military buildup of offensive cyberweapons
- Video: The Internet of Insecure Things, and why we're still in denial
- Cybercrime Inc: How hacking gangs are modeling themselves on big business
- Why ransomware is exploding, and how your company can protect itself