The Hacker news | Hacker puts Airport's security system Access on dark web sale for just 10 US dollars

This week on the hacker news.

Black markets on the Dark Web are not known only for illegal drugs; they form an enormous hidden network where you can buy almost anything imaginable: weapons, counterfeit currency, pornography, hacking tools, malware, exploits and zero-days.


If you’re unable to find it on Google, you will certainly find it on the Dark Web.

The RDP (Remote Desktop Protocol) shop is one of the underground marketplaces on the Dark Web: a platform that lets anyone purchase RDP access to hundreds or thousands of hacked machines for a small fee.

While examining several underground RDP shops, security researchers from McAfee's Advanced Threat Research team learned that an individual was selling remote access linked to the security systems of an international airport for $10.

Yes, that's $10!


Instead of purchasing the RDP credentials, the researchers used the Shodan search engine to find the exact IP address of the hacked Windows Server. It turned out that the account up for sale was the administrator account.

When they reached its login screen over Windows RDP, they discovered two more accounts, which were "linked with two companies specializing in airport security; one in camera surveillance and video analytics, the other in security and building automation."

"We failed to investigate the full level of access of these accounts, but a compromise might offer a great foothold and lateral movement through the network with the use of tools such as Mimikatz," the researchers wrote. 

"We executed the exact same search on the other login account and found that the domain is most likely linked with the airport's automated transit system, the passenger transport system that connects terminals."

According to the researchers, black-market traders usually obtain RDP credentials by simply scanning the Internet for systems that accept RDP connections. Once they have found such systems, they launch brute-force attacks with popular tools like Hydra, NLBrute or RDP Forcer to gain access.


Once the individual has successfully logged into the remote system, they put the connection details up for sale on the Dark Web.

Anyone who purchases access to such a machine can move laterally within the network, alter settings, create backdoors, install trojans and steal data.

To get out of this mess, organizations should take the necessary RDP security measures, such as:

  • Halting access to RDP connections over the open Internet

  • Using complex passwords and 2-factor authentication to make brute-force RDP attacks much harder to succeed

  • Blocking users and IPs that have many failed login attempts
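The brute-force activity described above leaves a very visible trace on the target: a burst of Windows Security Event ID 4625 ("An account failed to log on") records with Logon Type 10 (RemoteInteractive, i.e. RDP) from one source address. The script below is an added example, not code from The Hacker News or from the McAfee researchers. It runs the third recommendation (block IPs with many failed logins) over a handful of constructed sample events, flags any source that produces five or more failed RDP logons inside a ten-minute window, and emits the corresponding inbound-block firewall commands. The event tuples, thresholds and rule names are assumptions made for the example; the `netsh advfirewall` syntax is Windows' own.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample records modelled on Windows Security log fields for
# Event ID 4625 ("An account failed to log on"). Logon Type 10 is
# RemoteInteractive (an RDP session); Logon Type 3 is a network logon
# and is deliberately included so the RDP filter has something to ignore.
# Columns: timestamp, event id, logon type, target account, source address.
SAMPLE_EVENTS = [
    ("2018-07-11 09:00:01", 4625, 10, "Administrator", "203.0.113.7"),
    ("2018-07-11 09:00:08", 4625, 10, "Administrator", "203.0.113.7"),
    ("2018-07-11 09:00:15", 4625, 10, "admin",         "203.0.113.7"),
    ("2018-07-11 09:00:22", 4625, 10, "admin",         "203.0.113.7"),
    ("2018-07-11 09:00:30", 4625, 10, "Administrator", "203.0.113.7"),
    ("2018-07-11 09:00:41", 4625, 10, "Administrator", "203.0.113.7"),
    ("2018-07-11 09:05:00", 4625, 10, "jsmith",        "198.51.100.22"),
    ("2018-07-11 09:40:00", 4625, 10, "jsmith",        "198.51.100.22"),
    ("2018-07-11 09:10:00", 4625, 3,  "svc_backup",    "192.0.2.9"),
    ("2018-07-11 09:10:05", 4625, 3,  "svc_backup",    "192.0.2.9"),
    ("2018-07-11 09:10:10", 4625, 3,  "svc_backup",    "192.0.2.9"),
    ("2018-07-11 09:10:15", 4625, 3,  "svc_backup",    "192.0.2.9"),
    ("2018-07-11 09:10:20", 4625, 3,  "svc_backup",    "192.0.2.9"),
    ("2018-07-11 09:10:25", 4625, 3,  "svc_backup",    "192.0.2.9"),
]

FAILED_LOGON = 4625
RDP_LOGON_TYPE = 10
RDP_PORT = 3389


def parse_events(rows):
    """Turn the raw tuples into dicts with real datetime objects."""
    return [
        {
            "time": datetime.strptime(ts, "%Y-%m-%d %H:%M:%S"),
            "event_id": event_id,
            "logon_type": logon_type,
            "account": account,
            "src": src,
        }
        for ts, event_id, logon_type, account, src in rows
    ]


def rdp_failures_by_source(events):
    """Group failed RDP logons (4625 with logon type 10) by source address."""
    by_src = defaultdict(list)
    for ev in events:
        if ev["event_id"] == FAILED_LOGON and ev["logon_type"] == RDP_LOGON_TYPE:
            by_src[ev["src"]].append((ev["time"], ev["account"]))
    return by_src


def brute_force_sources(events, threshold=5, window=timedelta(minutes=10)):
    """
    Return {source_ip: {"count": n, "accounts": {...}}} for every source
    that produced at least `threshold` failed RDP logons inside any span
    of length `window`. A sliding window over the sorted timestamps means
    a slow trickle of failures spread over hours is not flagged.
    """
    flagged = {}
    for src, attempts in rdp_failures_by_source(events).items():
        attempts.sort()
        times = [t for t, _ in attempts]
        start = 0
        for end in range(len(times)):
            # advance `start` until attempts[start..end] fit inside the window
            while times[end] - times[start] > window:
                start += 1
            if end - start + 1 >= threshold:
                flagged[src] = {
                    "count": len(attempts),
                    "accounts": {acct for _, acct in attempts},
                }
                break
    return flagged


def block_rules(flagged):
    """
    Produce Windows Firewall commands that drop inbound RDP from each
    flagged source. The netsh syntax is standard; the rule name is ours.
    """
    return [
        'netsh advfirewall firewall add rule name="RDP brute-force block {ip}" '
        "dir=in action=block protocol=TCP localport={port} remoteip={ip}".format(
            ip=ip, port=RDP_PORT
        )
        for ip in sorted(flagged)
    ]


if __name__ == "__main__":
    hits = brute_force_sources(parse_events(SAMPLE_EVENTS))
    for ip, info in hits.items():
        print(f"{ip}: {info['count']} failed RDP logons, accounts tried: {sorted(info['accounts'])}")
    for rule in block_rules(hits):
        print(rule)
```

On the sample data only 203.0.113.7 is flagged: its six failures land within 40 seconds, while the two failures from 198.51.100.22 are 35 minutes apart and the six from 192.0.2.9 are network logons rather than RDP. In production the same logic would read events from the Security log or a SIEM, and the threshold and window would be tuned so that a user mistyping a password a few times is not locked out alongside a real scanner.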
