If you were given $10, what would it be enough for?
Enough to buy a movie ticket or a two-person burger combo, or enough to take a taxi from Guomao to Zhongguancun...
What if you give a hacker $10?
McAfee's security researcher told us that this is enough for a hacker to buy weapons on the dark web and attack an airport's remote control system: sending spam, creating fake security alerts, stealing data and credentials, and mining cryptocurrency with the server. …
According to the foreign media outlet securityaffairs, McAfee's security researchers recently analyzed the sale of RDP access to systems in various industries on the black market. They visited several dark web stores that provide such services.
Lei Feng.com found that the largest dark web store is named "UAS" (Ultimate Anonymity Service). The store is from Russia and offers more than 40,000 RDP access permissions across all walks of life.
In second place is a store called “BlackPass”, which has more than 10,000 RDP permissions; it offers a wide range of services and also provides other kinds of weapons for hackers.
Ranked third is a store called Flyded. Although the old XDedic is only 1000, it was not known because it was discovered by Kaspersky experts in June 2016.
Why have dark web merchants started selling RDP access?
Because for hackers this tool is cheap and effective.
In hacker circles, this tool is becoming more and more popular, especially for distributing malware. For example, the infamous SamSam ransomware is distributed through it. More importantly, it is very cheap. According to McAfee's security researcher, RDP access to some high-value networks sells for less than $1 on the dark web. After buying it, hackers sometimes simply scan for important information and then quietly leave.
Currently, sellers on the black market offer RDP access to a variety of systems, ranging from Windows XP to Windows 10. Windows 2008 and 2012 Server are the most popular, with 11,000 and 6500 for sale, respectively.
The price of RDP access varies with the permissions. For example, the minimum for normal access is $3, while administrator access requires $19.
Security researchers found that the offerings of UAS Shop and BlackPass include hundreds of identically configured systems associated with Dutch municipalities, housing associations and medical institutions, which are important targets for hackers.
In analyzing the UAS store, the researchers found a recently added Windows Server 2008 R2 Standard machine, located at one of the major international airports in the United States, on sale for only $10.
The seller provides three different kinds of access: a user account, an administrator account, and third-party company accounts. These company accounts include one for a company specializing in airport security and building automation, and another for a company specializing in camera surveillance and video analysis for airports.
This kind of access can be very dangerous. Imagine what would happen if a hacker could take over building controls and camera controls throughout the airport.
Lei Feng.com found that the researchers were even more shocked by the fact that the relevant accounts could be used to enter the airport's “automatic transportation system” and connect directly to the terminal's passenger transportation system.
Given what we know about ransomware like SamSam, attackers can indeed use RDP access sold on the dark web to reach potential high-value ransomware victims at a low price. We found that a system associated with a major international airport can be purchased for only $10.
In other words, hackers don't need to buy zero-day vulnerabilities at a high price or carefully design phishing campaigns or watering hole attacks; they can simply buy access to remote control systems directly.
“Governments and organizations spend billions of dollars each year to protect our trusted computer systems. But even the most advanced solutions can't provide security when the back door is open or has only simple protection.”