[BreachExchange] Dark Web markets selling remote access to corporate PCs for just $3 allowing hackers to spy on firms

Destry Winant destry at riskbasedsecurity.com
Thu Oct 26 09:30:02 EDT 2017 

http://www.ibtimes.co.uk/dark-web-markets-selling-remote-access-corporate-pcs-just-3-allowing-hackers-spy-companies-1644449

Dark web vendors are now selling remote access to corporate computers
for as little as $3 (£2.28). Dark web marketplaces have begun
increasingly selling credentials to hacked Remote Desktop Protocol
(RDP) servers, which allow hackers to spy on and steal data from
companies without using malware.

In case of Windows PCs, RDPs could allow hackers to remotely access a
computer and compromise a corporate network, leaving the firm open to
potential data breaches, espionage and more. This makes RDPs valuable
to cybercriminals.

According to security experts at Flashpoint, RDPs from across the
globe are currently up for sale in the popular dark web market
Ultimate Anonymity Services (UAS). RDPs being sold were sourced from
healthcare, education and government organisations.

"UAS offers SOCKs proxies in addition to over 35,000 brute forced RDPs
for sale," Flashpoint researchers said in a blog. "UAS offers RDPs
sourced from countries across the world; however, in keeping with
Eastern European cybercriminal norms, the shop does not offer RDPs
from the Commonwealth of Independent States (CIS)."

Over 7,200 RDPs from China, 6,100 from Brazil, 3,000 from India, 1,300
from Spain and 900 from Colombia were found being sold on UAS.
According to the Flashpoint researchers, these countries may have a
higher number of exposed RDPs presumably because of "lax cybersecurity
hygiene" involving remote connection monitoring. UAS also offers
around 300 US-based RDPs, from Virginia, Ohio, Oregon and California.

Regardless of the country of origin, RDPs on UAS were priced between
$3 and $10. In comparison, xDedic, yet another dark web market and a
competitor of UAS, offered RDPs for over $100 in some cases. "UAS'
lower prices may contribute to the growing popularity of the shop
among cybercriminals," the Flashpoint researchers said, adding that
cybercriminals' interest in UAS "will likely continue growing".

More information about the BreachExchange mailing list