For Sale: Access To Airport Security

The Dark Web has become the hub of illegal activities over the Internet. Everything from credit card numbers to personal information and even classified data about military equipment is being sold for peanuts. 

It has been reported that a hacker stole classified information on the US Air Force’s MQ-9 Reaper drone and sold it on the Dark Web.

Now, according to the latest research from McAfee’s Advanced Threat Research Team, remote desktop protocol (RDP) access is also on sale, which they have termed a “huge business” opportunity for cyber-criminals.

Reportedly, cybercriminals are offering stolen RDP access to machines tied to key security systems, including transit and surveillance as well as the building automation system, of a high-profile international airport for only $10.

RDP access is available at a number of shops on the Dark Web, and an open search analysis of a Russian RDP shop, UAS (Ultimate Anonymity Service), led McAfee researchers to this discovery.

The purpose of the search was to identify open RDP ports at certain organizations. Their search was narrowed down from 65,536 IPs to three, and once a complete IP address was acquired, they searched the WHOIS data, which showed that all the addresses belonged to a mainstream airport. The name of this airport has not yet been disclosed.

Researchers write that RDP access lets cyber-criminals perform almost any activity, such as creating false alerts to disrupt the internal security team, stealing login credentials and confidential data, sending spam emails, conducting crypto-mining and launching ransomware attacks on the organisation.

RDP what?
Basically, RDP access serves as a route into target systems, and attackers may not even need other attack tactics such as exploit kits, phishing or malware. It is worth noting that Microsoft developed RDP as a proprietary protocol to facilitate access to various machines through a graphical interface, and ideally it is used by system administrators. However, if attackers get access to key systems of an organisation using RDP as an entry point, there can be dire consequences.

RDP shops have become the basis for large-scale cyber-attacks, and UAS is the largest of these shops. Currently, RDP shops are selling entry to systems accessible via the RDP port, port 3389. Systems are marketed by country, state, IP address, date of addition, ZIP code and bandwidth, and prices vary between $3 and $20 according to bandwidth.

Automated transit system of the airport at risk
Researchers identified user accounts including one sys-admin account, two accounts of companies that specialised in airport security and a domain linked with the automated transit system of the airport.

McAfee’s head of cyber investigations John Fokker wrote that it is indeed concerning that such a system of vital public impact can be accessed through the Internet. RDP access was also sold to various government systems, including some linked to the US, healthcare institutions, and medical equipment suppliers.

In order to secure their systems, organisations are urged to use complicated passwords and enable 2FA to ensure that brute-force RDP attacks are prevented or thwarted. Furthermore, RDP connections should not be allowed over the open internet, and IPs should be blocked after multiple failed login attempts.

“Just as we check the doors and windows when we leave our homes, organisations must regularly check which services are accessible from the outside and how they are secured. Protecting systems requires an integrated approach of defense in depth and proactive attitudes from every employee,” Fokker concluded.
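The advice above to block IPs after multiple failed login attempts can be sketched as follows. This is an added example, not code from McAfee or the original article. It assumes failed logons arrive as CSV records modelled on Windows Security event 4625, and the sample records, the threshold and the window are constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample records (not real data), modelled on Windows Security log
# fields: time, event ID, logon type, source IP, target account.
SAMPLE_EVENTS = """\
2018-07-11T02:14:01,4625,10,203.0.113.7,administrator
2018-07-11T02:14:09,4625,10,203.0.113.7,admin
2018-07-11T02:14:15,4625,3,203.0.113.7,sysadmin
2018-07-11T02:14:22,4625,10,203.0.113.7,administrator
2018-07-11T02:14:30,4625,10,203.0.113.7,backup
2018-07-11T02:15:02,4624,10,198.51.100.20,jsmith
2018-07-11T08:00:00,4625,10,198.51.100.20,jsmith
2018-07-11T09:30:00,4625,10,198.51.100.20,jsmith
2018-07-11T02:16:00,4625,2,192.0.2.50,kiosk
"""

FAILED_LOGON = "4625"          # Windows "An account failed to log on"
REMOTE_TYPES = {"3", "10"}     # network (NLA) and RemoteInteractive logons


def ips_to_block(log_text, threshold=5, window=timedelta(minutes=10)):
    """Return {ip: sorted accounts tried} for sources reaching `threshold`
    failed remote logons inside any sliding `window`."""
    recent = defaultdict(deque)     # ip -> timestamps still inside the window
    accounts = defaultdict(set)     # ip -> accounts seen in failed attempts
    flagged = {}
    # ISO timestamps sort chronologically, so sorting rows orders the events.
    rows = sorted(l.split(",") for l in log_text.splitlines() if l.strip())
    for ts, event_id, logon_type, ip, account in rows:
        if event_id != FAILED_LOGON or logon_type not in REMOTE_TYPES:
            continue                # successes and local logons are ignored
        when = datetime.fromisoformat(ts)
        q = recent[ip]
        q.append(when)
        accounts[ip].add(account)
        while when - q[0] > window:  # drop attempts older than the window
            q.popleft()
        if len(q) >= threshold:
            flagged[ip] = sorted(accounts[ip])
    return flagged


if __name__ == "__main__":
    for ip, tried in ips_to_block(SAMPLE_EVENTS).items():
        print(f"block {ip}: failed remote logons for {tried}")
```

Many distinct account names tried from one source in a short window, as in the first constructed source here, is typical of password guessing, while a user mistyping a password twice in a day stays below the threshold.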

HackRead
