Security analysts found dark web marketplaces selling employee credentials that give access to corporate Remote Desktop Protocol (RDP) servers for as little as $3. This sheds light on a prominent marketplace called Ultimate Anonymity Services (UAS), which has been found selling RDP access stolen from organizations in industries such as healthcare, education, and government.
One online shop, UAS (Ultimate Anonymity Services), in operation since February 2016, offers more than 35,000 brute-forced RDPs for sale: 7,216 from China, 6,143 from Brazil, 3,062 from India, 1,335 from Spain and 929 from Colombia, among others.
They are also selling about 300 U.S.-based RDPs, with concentrations in Ashburn, Virginia (52 RDPs), Franklin County, Ohio (52 RDPs), Santa Clara County, California (43 RDPs), Clackamas County, Oregon (36 RDPs) and Alameda County, California (30 RDPs).
This report complements the recent bevy of data breaches and ransomware-related incidents, since access to these systems and networks lets cybercriminals steal data or hold it hostage. Remember the CRYSIS ransomware attacks in 2016? Brute-forced RDPs were the ransomware’s main entry point.
Point-of-sale malware such as MajikPOS also used compromised RDPs together with remote access Trojans to steal credit card data, which was then sold in underground forums. Since then, brute-force RDP attacks have continued, affecting both small and large corporations across the globe.
While a wide range of sectors has been affected, the favorite target is still the healthcare sector in the United States.
Various malware, along with access to certain systems and networks, is offered for free in Middle Eastern and North African underground marketplaces. These include crypto, keyloggers, SQL injection tools, and malware builders. RDPs cost as little as $8, and e-commerce credentials are sold for as little as $1.
Given that an exposed remote desktop can be an attacker’s way into your organization, here are some quick countermeasures you can apply yourself:
- Disallow RDP access, if possible.
- Fight brute-force attacks by strengthening the passwords used to access them. Implement two-factor authentication and account lockout policies.
- Use encryption methods to prevent hackers from snooping on remote network connections.
- Keep your RDP clients and servers updated to prevent vulnerabilities from being exploited.
- Always back up your data regularly.
- Reduce the RDP’s exposure to attacks by disabling or limiting access to shared drives.
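The following PowerShell script is an added example, not part of the original article: it audits a Windows host against the countermeasures above (RDP disabled, NLA and TLS transport security, lockout policy, drive redirection). The registry paths are the standard Terminal Services locations; the pass/fail thresholds (for example a lockout threshold of 10 or less) are this example's own baseline assumptions, and the script must run in an elevated session on the host being checked.

```powershell
# Added example: audit a host's RDP hardening. Thresholds are assumptions, not vendor guidance.
$tsKey     = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$rdpTcpKey = "$tsKey\WinStations\RDP-Tcp"
$policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'

function Get-RegValue($Path, $Name) {
    try { (Get-ItemProperty -Path $Path -Name $Name -ErrorAction Stop).$Name }
    catch { $null }   # a missing value means the setting is not configured
}

$findings = @()

# 1. Is RDP disabled? fDenyTSConnections = 1 means inbound RDP is off.
$deny = Get-RegValue $tsKey 'fDenyTSConnections'
$findings += [pscustomobject]@{ Check = 'RDP disabled'; Value = $deny; Pass = ($deny -eq 1) }

# 2. Network Level Authentication: the client must authenticate before a session is created,
#    which removes most of the pre-authentication surface that credential guessing relies on.
$nla = Get-RegValue $rdpTcpKey 'UserAuthentication'
$findings += [pscustomobject]@{ Check = 'NLA required'; Value = $nla; Pass = ($nla -eq 1) }

# 3. Transport security: SecurityLayer 2 = TLS; MinEncryptionLevel 3 = High (128-bit), 4 = FIPS.
$layer = Get-RegValue $rdpTcpKey 'SecurityLayer'
$enc   = Get-RegValue $rdpTcpKey 'MinEncryptionLevel'
$findings += [pscustomobject]@{ Check = 'TLS security layer'; Value = $layer; Pass = ($layer -eq 2) }
$findings += [pscustomobject]@{ Check = 'High or FIPS encryption'; Value = $enc; Pass = ($enc -ge 3) }

# 4. Drive redirection: policy value fDisableCdm = 1 blocks mapping of client drives into the session.
$cdm = Get-RegValue $policyKey 'fDisableCdm'
$findings += [pscustomobject]@{ Check = 'Drive redirection disabled'; Value = $cdm; Pass = ($cdm -eq 1) }

# 5. Account lockout threshold, parsed from 'net accounts' ("Never" means no lockout at all).
$lockLine  = (net accounts) | Where-Object { $_ -match 'Lockout threshold' }
$threshold = if ($lockLine -match '(\d+)\s*$') { [int]$matches[1] } else { $null }
$findings += [pscustomobject]@{ Check = 'Lockout threshold <= 10'; Value = $threshold
                                Pass  = ($null -ne $threshold -and $threshold -le 10) }

$findings | Format-Table -AutoSize
# Non-zero exit code so the audit can gate a scheduled task or configuration pipeline.
if ($findings | Where-Object { -not $_.Pass }) { exit 1 }
```

A host that legitimately needs RDP will fail the first check by design; treat that row as informational and require the remaining checks to pass.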
Alternatively, you can approach tech companies such as AgilisIT, which not only offer network security and IT development services but also monitor the dark web for your company’s login data.