RDP access is being used as an entryway for hackers. Be careful yours doesn't end up for sale on the Dark Web.
Remote desktop protocol (RDP) access to businesses is now popularly sold and bought on the Dark Web, according to the McAfee Advanced Threat research team. In a Wednesday report, they found that access to organizations' RDP systems is being sold on the Dark Web for as little as $10. RDP is a Microsoft-developed protocol that allows users to access another computer system remotely.
The Dark Web is home to RDP shops that allow hackers to buy the logins for computer systems that could potentially take down major businesses, according to a McAfee press release. RDP is meant to be an efficient medium for accessing a network, which it is, but not always for the right people. When hacking into an RDP, cybercriminals don't have to worry about an organization's cybersecurity defense systems—once they gain access to the system, they're in, said McAfee.
Cybercriminals are mainly using RDP access to create false flags, spam, account abuse, credential harvesting, extortion, ransomware, and cryptomining, according to McAfee's research. Anyone with RDP network access can be vulnerable to attack, even government and healthcare institutions, said the release. And with systems posted on the Dark Web at such low prices, they are sure to be bought.
Remote access systems are vital for many organizations to conduct their businesses, so protection from hackers is crucial. Here are six ways McAfee's research team recommends keeping your system protected:
- Use complicated passwords and two-factor authentication on your RDP, as this will make brute-force attacks more difficult to complete
- Do not conduct or allow RDP connections across open internet
- Lock out or timeout users with too many failed login attempts
- Check event logs regularly for strange login attempts
- Use an account-naming convention that doesn't give away details about your organization
- Make a list of all systems using the network and what protocols they are connected through, including POS systems and Internet of Things (IoT)
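The log-review and lockout recommendations above can be automated. The following is an added example, not from McAfee's report or this article: a Python script that scans exported Windows Security events for failed logons (event ID 4625) over remote logon types, flags source addresses with a burst of failures, and notes any successful logon (4624) that follows the burst. The CSV column layout, function name, thresholds, and sample rows are assumptions constructed for illustration.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime, timedelta

FAILED_LOGON, SUCCESSFUL_LOGON = "4625", "4624"  # Windows Security event IDs
RDP_LOGON_TYPES = {"3", "10"}  # 10 = RemoteInteractive; 3 = Network (seen for RDP with NLA)
# Constructed sample export; the column layout is an assumption, not a Windows format
SAMPLE_CSV = """time,event_id,logon_type,user,source_ip
2018-07-11T02:00:01,4625,3,administrator,203.0.113.50
2018-07-11T02:00:03,4625,3,admin,203.0.113.50
2018-07-11T02:00:05,4625,3,backup,203.0.113.50
2018-07-11T02:00:08,4625,3,administrator,203.0.113.50
2018-07-11T02:00:11,4625,3,administrator,203.0.113.50
2018-07-11T02:03:40,4624,10,administrator,203.0.113.50
2018-07-11T08:59:10,4625,10,jsmith,198.51.100.7
2018-07-11T08:59:30,4624,10,jsmith,198.51.100.7
2018-07-11T09:15:00,4625,2,jsmith,-
"""

def find_rdp_bruteforce(csv_text, threshold=5, window=timedelta(minutes=10)):
    """Return {source_ip: report} for IPs with >= threshold failures inside window."""
    failures = defaultdict(list)   # ip -> [(time, user)]
    successes = defaultdict(list)  # ip -> [(time, user)]
    for row in csv.DictReader(io.StringIO(csv_text)):
        if row["logon_type"] not in RDP_LOGON_TYPES:
            continue  # ignore console and other non-remote logons
        when = datetime.fromisoformat(row["time"])
        if row["event_id"] == FAILED_LOGON:
            failures[row["source_ip"]].append((when, row["user"]))
        elif row["event_id"] == SUCCESSFUL_LOGON:
            successes[row["source_ip"]].append((when, row["user"]))
    findings = {}
    for ip, events in failures.items():
        events.sort()
        # Sliding window: find the densest run of failures from this address
        start, best, burst_end = 0, 0, None
        for end, (when, _) in enumerate(events):
            while when - events[start][0] > window:
                start += 1
            if end - start + 1 > best:
                best, burst_end = end - start + 1, when
        if best < threshold:
            continue
        # A success after the burst suggests a guessed password: review it first
        hit = [u for t, u in successes[ip] if t >= burst_end]
        findings[ip] = {"failures_in_window": best, "success_after_burst": hit,
                        "users_tried": sorted({u for _, u in events})}
    return findings
```

On the sample data only 203.0.113.50 is flagged; the single mistyped password from 198.51.100.7 stays below the threshold.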
The big takeaways for tech leaders:
- Cybercriminals are compromising and selling remote desktop protocol (RDP) access on the dark web for as little as $10, according to the McAfee Advanced Threat research team.
- Keep your organization's RDP access protected with complex passwords, regular checks for failed login attempts, account-naming conventions, and more.