Dark Web marketplaces are selling remote access to desktop PCs for as little as $3, allowing criminals to spy on firms without resorting to malware.
The sale of remote access credentials is allowing attackers to steal data from organisations in healthcare, education, government, retail, and other sectors.
In Window PCs, Microsoft’s Remote Desktop Protocol (RDP) allows individuals to remotely connect to that computer over a network, and is normally used to access virtual desktops, and for the remote management of systems.
But if attackers can compromise access to RDP, it can provide an easy way into a corporate network, opening the door for espionage, data breaches, and more.
As a result, RDP access credentials are increasingly being sold on the Dark Web and underground forums, where merchants offer access to tens of thousands of computers for as little as $3 for a Windows XP system to $9 for Windows 10.
With the right password, hackers can remotely access a network without the victim knowing they’re there.
Researchers at Flashpoint have been monitoring prominent criminal marketplaces that sell RDP details and have found access to systems around the world are up for sale. Often, brute force attacks against systems with poor passwords will allow these credentials to fall into criminal hands.
One of the most popular underground stores selling access is ‘Ultimate Anonymity Services’. Founded in early 2016, UAS offers over 35,000 RDP credentials for sale in a variety of countries and for a variety of Windows operating systems, from Windows XP to Windows 10.