A group of hackers just posted a “For Sale” notice on several Russian Dark Web forums. The sale offers access to the networks of over 7,000 organizations, the majority of which are educational institutions; the rest range from local government agencies to entertainment websites, bars, and other business websites, and the list goes on. The one thing all these organizations have in common is that they were infiltrated via attacks on RDP (Remote Desktop Protocol).
Preliminary investigations reveal that the sale is currently being run as an auction, with a starting price of US$300,000 (paid in Bitcoin, of course).
There is also an exclusive “take all” offer for deeply interested and “willing to pay” parties, at the relatively small price of US$1,000,000 (or 78 Bitcoins) within the Dark Web marketplace.
The asking prices tell researchers that what the hackers hold is probably of real value and may prove critical for some of the businesses involved.
It is never easy to determine the exact number of victims that are vulnerable to, or have already fallen victim to, an RDP attack. Security researchers perform tedious investigations and in-depth exploration to determine the scope and extent of these kinds of intrusions. In general, hackers and researchers alike can use a well-known industry “IoT finder” service. This may not yield an exact number, but it gives researchers an approximation of how many systems are exposed. Using this method, security analysts were able to identify millions of devices that are exposed and basically open to the public.
Using a honeypot, security analysts were able to measure how frequently hackers attempt to exploit RDP exposure. Over a span of two months, researchers detected almost 500,000 network intrusion attempts involving RDP. Ports 5900, 3389, and 445 are among the most attacked ports in this context, popular with hackers intent on using RDP for initial access to a corporate network.
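To illustrate how a honeypot turns raw connection attempts into the kind of frequency data described above, here is an added example (not code from the article or the researchers). It parses a constructed connection log, tallies hits per port, and flags any source that hammers one of the three named ports within a short window, the pattern an RDP brute-force attempt leaves behind. The log format, IP addresses, and threshold are assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Ports the article names as the most attacked in the honeypot data
WATCHED_PORTS = {3389: "RDP", 5900: "VNC", 445: "SMB"}

# Constructed sample honeypot connection log (assumed format, not real data):
# "<ISO timestamp> <source IP> -> <destination port>"
SAMPLE_LOG = """\
2021-03-01T10:00:01 203.0.113.7 -> 3389
2021-03-01T10:00:02 203.0.113.7 -> 3389
2021-03-01T10:00:03 203.0.113.7 -> 3389
2021-03-01T10:00:04 203.0.113.7 -> 3389
2021-03-01T10:00:05 203.0.113.7 -> 3389
2021-03-01T10:00:06 203.0.113.7 -> 3389
2021-03-01T10:00:30 198.51.100.9 -> 445
2021-03-01T10:01:00 198.51.100.9 -> 5900
2021-03-01T10:05:00 192.0.2.4 -> 80
2021-03-01T10:09:00 198.51.100.9 -> 445
"""

def parse_line(line):
    ts, src, _, port = line.split()
    return datetime.fromisoformat(ts), src, int(port)

def port_hit_counts(log_text):
    """Count connection attempts per destination port (all ports)."""
    counts = defaultdict(int)
    for line in filter(str.strip, log_text.splitlines()):
        counts[parse_line(line)[2]] += 1
    return dict(counts)

def find_bruteforce_sources(log_text, threshold=5, window=timedelta(seconds=60)):
    """Return {"src:port/service": peak_hits} for every source that hit a
    watched port at least `threshold` times inside any `window`-long span."""
    recent = defaultdict(deque)  # (src, port) -> timestamps inside the window
    flagged = {}
    for line in filter(str.strip, log_text.splitlines()):
        ts, src, port = parse_line(line)
        if port not in WATCHED_PORTS:
            continue
        q = recent[(src, port)]
        q.append(ts)
        while ts - q[0] > window:      # slide the window forward
            q.popleft()
        if len(q) >= threshold:
            key = f"{src}:{port}/{WATCHED_PORTS[port]}"
            flagged[key] = max(flagged.get(key, 0), len(q))
    return flagged

if __name__ == "__main__":
    print(port_hit_counts(SAMPLE_LOG))          # per-port totals
    print(find_bruteforce_sources(SAMPLE_LOG))  # {'203.0.113.7:3389/RDP': 6}
```

Two slow hits from 198.51.100.9 on port 445 are counted but not flagged, which is the point of the sliding window: it separates a sustained burst from background scanning noise.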
But being exposed doesn’t necessarily mean that a machine is an easy target for RDP attacks. Machines and other devices connected to the internet can be patched, and security updates can be installed. Still, the number of exposed machines and infrastructures is alarming, considering that an exposed RDP endpoint may be all a hacker needs to carry out an RDP attack or, worse, deploy ransomware or malware.
There is basically no telling what happens next, since all they need is access: once inside the network, they can take whatever and do whatever they want. This may be the sad reality we are in at this age.
Our takeaway is that other organizations need to take these kinds of threats seriously. The risks involved are simply too significant to ignore. There is no harm in making sure that exposed networks are patched, network security and security protocols are updated, additional security software is installed, and vulnerable network ports are checked. These steps should help system administrators and business owners ensure their online assets and information are protected.