Remote desktop protocol (RDP) access to businesses is now popularly sold and bought on the Dark Web, according the McAfee Advanced Threat research team. In a Wednesday report, they found that organizations' RDPs— Microsoft-developed protocols that allow users to access another computer system remotely—are being sold on the Dark Web for as little as $10. The Dark Web is home to RDP shops that allow hackers to buy the logins for computer systems that could potentially take down major businesses, according to a McAfee press release. RDP is meant to be an efficient medium for accessing a network, which it is, but not always for the right people. When hacking into an RDP, cybercriminals don't have to worry about an organization's cybersecurity defense systems —once they gain access to the system, they're in, said McAfee. Cybercriminals are mainly using RDP access to create false flags, spam, account abuse, credential harvesting, extortion, ransomware, and cryptomining, according to McAfee's research. Anyone with RDP network access can be vulnerable to attack, even government and healthcare institutions, said the release. And with systems posted on the Dark Web at such low prices, they are sure to be bought. Remote accessing systems are vital for many organizations to conduct their businesses, so protection from hackers is crucial. Here are six ways McAfee's research team recommends keeping your system protected:
It only cost $10. While McAfee's Advanced Threat Research team was looking into dark web marketplaces, it found a number of shops offering stolen access to various companies' and groups' systems. Disturbingly, among the findings was access to a major international airport's systems, which could be bought for the low price of just $10. McAfee said the shop appeared to be offering access to the airport's security systems as well as its building automation, surveillance and transit systems. The shop was selling access to the airport's remote desktop protocol (RDP), which gives employees remote access to certain computers on the airport's network. "This access could allow cybercriminals to do essentially anything they want -- create false alerts to the internal security team, send spam, steal data and credentials, mine for cryptocurrency or even conduct a ransomware attack on the organization," McAfee said. The recent SamSam ransomware attacks often used RDP vulnerabilities to gain access to networks. McAfee said that it also came across access to "multiple government systems," some of which were linked to the US, as well as "dozens of connections linked to health care institutions." For security reasons, McAfee didn't name the airport or any other entities that it found access to in its search, but it notified them of the breaches. The company also warned that this is a major problem across industries and it's one that needs to be more effectively addressed. "Governments and organizations spend billions of dollars every year to secure the computer systems we trust," said McAfee. "But even a state-of-the-art solution cannot provide security when the backdoor is left open or carries only a simple padlock."