The price of stolen remote login passwords is dropping. That's a bad sign

The cost of RDP credentials is going down - and it's probably happening because poor cybersecurity is making log-in details easy to find.
Written by Danny Palmer, Senior Writer

Cyber criminals are lowering the prices they are charging for access to corporate networks through compromised remote desktop protocol (RDP) logins in a move which indicates how leaked usernames and passwords are becoming increasingly available to hackers as a means of gaining access to corporate networks – and demonstrates how poor passwords continue to plague enterprise security.

Remote desktop protocol (RDP) enables employees to securely connect to the servers of their organisation remotely - a practice which has grown during 2020 as employees have increasingly worked from home. RDP is also regularly used by administrator accounts, enabling IT and security teams to perform updates and provide assistance to users.

However, while extremely useful, an improperly secured RDP account or server can provide cyber criminals with easy access to a corporate network with either stolen or easily cracked passwords.

Cybersecurity researchers at Armor analysed 15 different dark web markets and underground cyber criminal forums and found that the average price for RDP credentials has dropped to between $16 and $25, compared with an average of over $20 during 2019. Some dark web vendors are advertising these credentials as "non-hacked", claiming that they haven't been used before.

In many cases, the reason why stolen RDP login credentials have become available in the first place is because they're poorly secured with commonly used and weak passwords, as well as simple-to-guess user names such as 'administrator'.


Often an automated brute force attack will uncover these usernames and passwords, providing the access required to the network – or giving an underground vendor the opportunity to quickly make money by selling the credentials on.
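For defenders, that guessing activity is visible in Windows logon events. The sketch below is an added example, not something from Armor or the original article: it flags a burst of failed logons (event 4625) from one address and any successful logon (4624) that follows it. The log records are constructed, and the comma-separated layout, threshold and time window are assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample records (not real logs): time, event ID, logon type, account, source IP.
# 4625 = failed logon, 4624 = successful logon; type 10 = RemoteInteractive (RDP),
# type 3 = Network, which is how failed RDP logons appear when NLA is enabled.
SAMPLE = """\
2020-10-05T02:14:01,4625,3,administrator,203.0.113.7
2020-10-05T02:14:03,4625,3,admin,203.0.113.7
2020-10-05T02:14:05,4625,3,administrator,203.0.113.7
2020-10-05T02:14:08,4625,3,user,203.0.113.7
2020-10-05T02:14:11,4625,3,administrator,203.0.113.7
2020-10-05T02:14:15,4624,10,administrator,203.0.113.7
2020-10-05T09:00:12,4625,10,jsmith,198.51.100.20
2020-10-05T09:00:40,4624,10,jsmith,198.51.100.20
"""

def parse(text):
    """Yield (time, event_id, logon_type, user, ip) from the assumed CSV layout."""
    for line in text.splitlines():
        ts, event_id, logon_type, user, ip = line.strip().split(",")
        yield datetime.fromisoformat(ts), int(event_id), int(logon_type), user.lower(), ip

def detect(text, threshold=5, window=timedelta(minutes=5)):
    """Return alerts for guessing bursts and for logons that follow one."""
    failures = defaultdict(deque)   # source IP -> timestamps of recent failures
    alerts = []
    for ts, event_id, logon_type, user, ip in sorted(parse(text)):
        if logon_type not in (3, 10):
            continue                    # ignore logon types unrelated to RDP
        recent = failures[ip]
        while recent and ts - recent[0] > window:
            recent.popleft()            # drop failures older than the window
        if event_id == 4625:
            recent.append(ts)
            if len(recent) == threshold:
                alerts.append(("guessing_burst", ip, user))
        elif event_id == 4624 and len(recent) >= threshold:
            # A success right after a burst means a password was probably guessed.
            alerts.append(("logon_after_burst", ip, user))
            recent.clear()
    return alerts

if __name__ == "__main__":
    for alert in detect(SAMPLE):
        print(alert)
```

The single mistyped password from the second address stays below the threshold, so the ordinary user is not flagged.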

Attackers buying the credentials could use the login details for anything from performing reconnaissance on the network, to using them as a gateway for stealing additional usernames and passwords, confidential information or intellectual property. They could also use the RDP credentials as the first stage of a major malware or ransomware attack against the organisation.

And the way in which the cost of RDP credentials is going down suggests that the problem is getting worse, implying that prices are declining as the underground market gets saturated with more and more remote login details.

"Any time access used to compromise an organization gets cheaper - in this case RDP credentials - this increases the threat for businesses because there is a lower price to entry for the fraudsters," Chris Stouff, CSO of Armor, told ZDNet.

It's potentially the case that more login credentials have become available because of the rise in remote working during this year.

However, it's possible for organisations to boost the security of corporate RDP services by following two simple steps. First of all, default credentials should never be used to secure accounts and instead organisations should encourage users to set up a strong password for their account.

Secondly, organisations should apply multi-factor authentication when possible as it provides a substantial barrier to cyber criminals being able to take advantage of accounts – even if the username and password have been leaked.