The number of cyber crimes have increased exponentially with their engagement on the dark web consistently on the rise as hackers are selling stolen data to highest bidders.
The sales or purchase of stolen login credentials have long been a game in the dark web ecosystem for a pretty long period of time and analysts believes there is a sharp increase in the number of these activities as there are more Initial Access Brokers.
The process work as hackers steal relevant credentials from networks and then sell them to other cyber criminals.
Hackers now hold the middleman position rather than actually doing the work of exploiting and making direct profit over the stolen credentials they have.
Access via Remote Desktop Protocol (RDP) is the most sought-after listing by cyber criminals. Having this provides a faster remote access to an entire corporate network as it allow attackers to start with a legitimate login credentials before switching to remote access to computers which in turn makes the process much less suspicious.
This demand – and the potential access it offers – is reflected in the price of listings, with an average selling price for access via RDP starting at $9,765. One likely conclusion is that the higher the price, the higher the number of machines the buyer would be able to access – providing more opportunity for exploitation.
The Ransomware gangs are notorious for using this access as they can potentially make back whatever amount they might have spent purchasing the credentials in the first place.
Ransom demands have been in the regions of thousands and even in millions of dollars.
Expensive access listings are likely reflected in the quality of the target, Stefano De Blasi, threat researcher at Digital Shadows, told reporters, “for example, RDP access with admin privileges and access to sensitive data.”
The sales of RDP isn’t a new practice just that it’s seen a big spike in remote working since 2020 as much enterprises have switched to using RDP access which in turn provides cyber attackers a easy path to strike.
Often, it’s relatively simple for the cyber criminals acting as access brokers to find insecure RDP connections with publicly available tools.
There are even situations whereby RDPs are set up using easy-to-guess passwords while some users go with the default passwords which makes it easy for them to be targeted by cyber attackers.
Exploitation of the RDPs will continue as a foolproof way of breaching enterprise networks which is why organizations need to create a stronger strategy that will ensure the security of remote access when required while also being able to apply multi-factor authentication in order to avoid the use of easy-to-guess passwords.
“In practice, the fundamentals of protecting information, such as one-time complex passwords and IT monitoring practices, can go a long way in thwarting most superficial attacks,” said Blasi.
This post was originally published on ZDnet