Hacked RDP Accounts Are Becoming More Abundant

Dennis Snider

Generally, we all like a bargain, but the news that cyber criminals are cutting the prices they charge to allow hackers access into corporate networks is anything but good news.

The price drop demonstrates that it is becoming ever easier for hackers to access leaked passwords and usernames to break into networks, often as a result of weak password security.

One of the big problems in this area is the Remote Desktop Protocol (RDP), which allows workers to make a secure connection with their employer’s service from remote locations, something that has grown hugely in 2020, for obvious reasons. This type of connection has become essential during the pandemic, but it also opens up weaknesses in secure corporate networks when passwords are stolen or, having been set by users, are easy to crack.

RDP password sets are now available for as little as $16 on the dark web, having always cost more than $20 throughout 2019. The main reason these have become so available is that users have employed common and/or weak passwords, and also obvious usernames, e.g., “administrator”. These usernames and passwords can frequently be grabbed using automated brute force attacks, opening up servers to theft of intellectual property, confidential data, and more usernames/passwords; they are also the first step in launching malware or ransomware attacks.

The recent drop in price for RDP credentials indicates that this is an increasing problem and that more and more RDP credentials are becoming available to the criminal market. As remote working seems to be here to stay for at least half of the coming year, with more and more people using such credentials, it may be the case that the problem will only get worse.

Fortunately, there are simple ways in which organisations can protect themselves against this market in stolen credentials. Firstly, it should be ensured that no accounts are secured using default credentials; every remote worker should be reminded of their obligation to create strong passwords, preferably using an automatic password generator for maximum security.

The other important step that organisations can take is to use multifactor authentication so that anyone logging in using a username and password will also have to supply a code sent to their mobile phone or similar. This means that even if hackers manage to obtain a username and password, the credentials will remain useless to them.
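The automated brute force guessing against obvious usernames described above shows up on the server as bursts of failed logons from one source. The following is an added example, not part of the original article: a Python check over failed-logon records shaped like Windows Security event 4625, where the record layout, the watch list of usernames, the threshold and the sample events are all assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Event 4625 logon types seen for RDP: 3 = Network (RDP with NLA), 10 = RemoteInteractive.
# Type 3 also covers other network logons, so a hit is a lead to investigate, not proof.
RDP_LOGON_TYPES = {3, 10}
OBVIOUS_USERNAMES = {"administrator", "admin", "user", "test"}  # assumed watch list

def _ev(ts, user, ip, logon_type):
    # Hypothetical flattened record; a real export would need mapping to these keys.
    return {"time": datetime.fromisoformat(ts), "user": user, "ip": ip,
            "logon_type": logon_type}

# Constructed sample data (documentation IP ranges, invented accounts).
SAMPLE_EVENTS = (
    [_ev(f"2020-11-02T03:14:{s:02d}", u, "203.0.113.7", 3)
     for s, u in zip(range(0, 60, 10),
                     ["administrator", "admin", "administrator",
                      "test", "administrator", "user"])]
    # A real user mistyping a password twice, 12 minutes apart.
    + [_ev("2020-11-02T09:00:05", "jsmith", "198.51.100.20", 10),
       _ev("2020-11-02T09:12:40", "jsmith", "198.51.100.20", 10)]
    # Console (type 2) failures: noisy, but not remote logons.
    + [_ev(f"2020-11-02T10:00:{s:02d}", "kiosk", "192.0.2.50", 2)
       for s in range(0, 50, 5)]
)

def find_bruteforce_sources(events, threshold=5, window=timedelta(minutes=5)):
    """Return {ip: {"failures": n, "obvious_users": set}} for every source that
    reaches `threshold` failed remote logons inside a sliding `window`."""
    recent = defaultdict(deque)   # per-source failures still inside the window
    flagged = {}
    for ev in sorted(events, key=lambda e: e["time"]):
        if ev["logon_type"] not in RDP_LOGON_TYPES:
            continue
        q = recent[ev["ip"]]
        q.append(ev)
        while ev["time"] - q[0]["time"] > window:
            q.popleft()           # drop failures older than the window
        if len(q) >= threshold:
            hit = flagged.setdefault(ev["ip"], {"failures": 0, "obvious_users": set()})
            hit["failures"] = max(hit["failures"], len(q))
            hit["obvious_users"] |= {e["user"].lower() for e in q} & OBVIOUS_USERNAMES
    return flagged

if __name__ == "__main__":
    for ip, hit in find_bruteforce_sources(SAMPLE_EVENTS).items():
        print(ip, hit["failures"], sorted(hit["obvious_users"]))
```

Sources flagged this way are candidates for blocking or account lockout review, and any account they targeted is a priority for a password reset and multifactor enrolment.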