For Sale: Access To Airport Security

The Dark Web has become the hub of illegal activities over the Internet. Everything from credit card numbers to personal information and even classified data about military equipment is being sold for peanuts. 

It has been reported that a hacker stole classified information on the US Air Force’s MQ-9 Reaper drone and sold it on the Dark Web.

Now, according to the latest research from McAfee’s Advanced Threat Research Team, Remote Desktop Protocol (RDP) access is also on sale, which the researchers have termed a “huge business” opportunity for cyber-criminals.

Reportedly, cybercriminals are offering stolen RDP access linked to key security systems, including transit and surveillance as well as the building automation system, of a high-profile international airport for only $10.

RDP access is available at a number of shops on the Dark Web, and an open search analysis of a Russian RDP shop, UAS (Ultimate Anonymity Service), led McAfee researchers to this discovery.

The purpose of the search was to identify open RDP ports at certain organizations. Their search was narrowed down to three IPs from 65,536, and once a complete IP address was acquired, they managed to search the WHOIS data to get all the addresses that belonged to a mainstream airport. The name of this airport has not been disclosed.

Researchers write that RDP access can let cyber-criminals perform almost any activity, such as creating false alerts to disrupt the internal security team, stealing login credentials and confidential data, sending spam emails, conducting crypto-mining and launching a ransomware attack on the organisation.

RDP what?
Basically, RDP access serves as a route to target systems, and attackers may not even need to use other attack tactics like exploit kits, phishing or malware. It is worth noting that Microsoft developed RDP as a proprietary protocol to facilitate access to various machines through a graphical interface, and ideally it is used by system administrators. However, if attackers get access to key systems of an organisation using RDP as an entry point, there can be dire consequences.

RDP shops have become the basis for large-scale cyber-attacks, and UAS is the largest of these shops. Currently, RDP shops are selling entry to systems accessible via the RDP port, port 3389. Systems are marketed by country, state, IP address, date of addition, ZIP code and bandwidth, while their price varies between $3 and $20. The price fluctuates according to bandwidth.

Automated transit system of the airport at risk
Researchers identified user accounts including one sys-admin account, two accounts of companies that specialised in airport security and a domain linked with the automated transit system of the airport.

McAfee’s head of cyber investigations John Fokker wrote that it is indeed concerning that such a system of vital public impact can be accessed through the Internet. RDP access to various government systems, including some linked to the US, as well as healthcare institutions and medical equipment suppliers, was also being sold.

In order to secure their systems, organisations are urged to use complex passwords and enable 2FA so that brute-force RDP attacks are prevented or thwarted. Furthermore, RDP connections should not be allowed over the open internet, and IPs should be blocked after multiple failed login attempts.
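
One way to act on the advice to block IPs after multiple failed login attempts, shown as an added example that is not from the article or from McAfee: a sliding-window check over exported Windows logon events that also reports any successful logon from an address already flagged. The CSV layout, threshold, window and sample records are assumptions constructed for illustration; event IDs 4625/4624 and logon types 3 and 10 are the standard Windows Security log values.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample export, sorted by time (assumed layout):
#   timestamp,event_id,logon_type,source_ip,account
# 4625 = failed logon, 4624 = successful logon.
# Logon type 10 = RemoteInteractive (RDP), 3 = Network (RDP with NLA).
SAMPLE_EVENTS = """\
2024-01-15T02:00:01,4625,3,203.0.113.7,administrator
2024-01-15T02:00:04,4625,3,203.0.113.7,admin
2024-01-15T02:00:09,4625,3,203.0.113.7,sysadmin
2024-01-15T02:00:15,4625,3,203.0.113.7,administrator
2024-01-15T02:00:22,4625,3,203.0.113.7,administrator
2024-01-15T02:03:40,4624,10,203.0.113.7,administrator
2024-01-15T08:15:00,4625,10,198.51.100.20,jsmith
2024-01-15T08:15:30,4624,10,198.51.100.20,jsmith
2024-01-15T09:00:00,4625,2,192.0.2.50,kiosk
"""

RDP_LOGON_TYPES = {"3", "10"}


def find_bruteforce(lines, threshold=5, window=timedelta(minutes=1)):
    """Return {ip: [accounts that logged on successfully after ip was flagged]}.

    An IP is flagged (a candidate for blocking) once it produces `threshold`
    failed remote logons inside `window`. A non-empty account list means the
    guessing may have succeeded and the account needs investigation.
    """
    recent = defaultdict(deque)  # ip -> timestamps of failures still in window
    flagged = {}
    for line in lines:
        line = line.strip()
        if not line:
            continue
        ts, event_id, logon_type, ip, account = line.split(",")
        if logon_type not in RDP_LOGON_TYPES:
            continue  # console and service logons are out of scope here
        when = datetime.fromisoformat(ts)
        failures = recent[ip]
        while failures and when - failures[0] > window:
            failures.popleft()  # drop failures that fell out of the window
        if event_id == "4625":
            failures.append(when)
            if len(failures) >= threshold:
                flagged.setdefault(ip, [])
        elif event_id == "4624" and ip in flagged:
            flagged[ip].append(account)
    return flagged


if __name__ == "__main__":
    for ip, accounts in find_bruteforce(SAMPLE_EVENTS.splitlines()).items():
        print(f"block {ip}; successful logons after flagging: {accounts}")
```

A single mistyped password followed by a successful logon, like the second address in the sample, stays below the threshold and is not flagged.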

“Just as we check the doors and windows when we leave our homes, organisations must regularly check which services are accessible from the outside and how they are secured. Protecting systems requires an integrated approach of defense in depth and proactive attitudes from every employee,” Fokker concluded.

HackRead
