For Sale: Access To Airport Security

Uploaded on 2018-07-17 in NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-Transport & Travel

The Dark Web has become the hub of illegal activities over the Internet. Everything from credit card numbers to personal information and even classified data about military equipment is being sold for peanuts. 

It has been reported that a hacker stole classified information on US Airforce’s MQ-9 Reaper Drone and sold it on Dark Web

Now, according to the latest research from McAfee’s Advanced Threat Research Team, remote desktop protocol access (RDP), is also on sale, which they have termed as a “huge business” opportunity for cyber-criminals.

Reportedly, cybercriminals are offering stolen access to RDP, which is responsible for key security systems including transit and surveillance as well as building automation system of a high-profile international airport for only $10.

RDP access is available at a number of shops at the Dark Web while an open search analysis of a Russian RDP shop USA (Ultimate Anonymity Service) led McAfee researchers to this discovery.

The purpose of the search was to identify open RDP ports at certain organizations. Their search was narrowed down to three IPs from 65,536 and once a complete IP address was acquired, they managed to search for the WHOIS data to get all the addresses that belonged to a mainstream airport. The name of this airport is yet undisclosed.

Researchers write that the RDP access can lead cyber-criminals to perform almost any activity such as creating false alerts to disrupt internal security team, steal login credentials and confidential data, send spam emails, conduct crypto-mining and launch ransomware attack on the organisation.

RDP what?
Basically, RDP access serves as a route to target systems and attackers may even not need to use other attack tactics like exploit kit, phishing or malware. It is worth noting that Microsoft developed RDP as a proprietary protocol to facilitate access to various machines through a graphical interface and ideally it is used by system administrators. However, if attackers get access to key systems of an organisation using RDP as an entry point, there can be dire consequences.

RDP shops have become the basis for large-scale cyber-attacks and the UAS is the largest of these shops. Currently, RDP shops are selling entry to systems accessible via the RDP port or port 3389. Systems are being marketed in their country, state, IP address, date of addition, ZIP code and bandwidth while their rate varies between $3 and $20. Rate fluctuates according to bandwidth.

Automated transit system of the airport at risk
Researchers identified user accounts including one sys-admin account, two accounts of companies that specialised in airport security and a domain linked with the automated transit system of the airport.

McAfee’s head of cyber investigations John Fokker wrote that it is indeed concerning that such a system of vital public impact can be accessed through the Internet. RDP access was also sold to various government systems including some that linked to the US, healthcare institutions, and medical equipment suppliers.

In order to secure their systems, organisations are urged to use complicated passwords and enable 2FA to ensure that brute-force RDP attacks are prevented or thwarted. Furthermore, RDP connections should not be allowed over open internet and IPs should get blocked after multiple failed login attempts.

“Just as we check the doors and windows when we leave our homes, organisations must regularly check which services are accessible from the outside and how they are secured. Protecting systems requires an integrated approach of defense in depth and proactive attitudes from every employee,” Fokker concluded.

HackRead

You Might Also Read

Munich Airport Receives Accreditation For Cybersecurity Training:

The Cyber Threat To Airports:

 

« The Mueller Investigation Identifies Russian Spies
Don't Leave AI Governance To The Machines »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

SlashNext

SlashNext

The SlashNext Internet Access Protection System (IAPS) provides Zero-Day protection against all internet access threats including Social Engineering & Phishing, Malware, Exploits and Callback Attacks.

Ekran System

Ekran System

Ekran System is an advanced insider threat detection solution for companies of any size.

Intelligent Business Solutions Cyprus (IBSCY)

Intelligent Business Solutions Cyprus (IBSCY)

IBSCY Ltd is a leading provider of total IT solutions and services in Cyprus specializing in the areas of cloud services and applications, systems integration, IT infrastructure and security.

SMESEC

SMESEC

SMESEC is a lightweight Cybersecurity framework for protecting small and medium-sized enterprises (SME) against Cyber threats.

IAmI Authentications

IAmI Authentications

IAmI is a first in Tokenization Cloud-based IAM Security Services, delivering the most advanced form of Two-Factor Authentication.

Kickstart

Kickstart

Kickstart supports your startup in scaling deep technology businesses in Switzerland in areas such as AI, Blockchain and Cybersecurity.

CENSUS

CENSUS

CENSUS is a Cybersecurity services provider offering services to multiple industries worldwide such as Security Testing, Code Auditing, Secure SDLC, Vulnerability Research and Consulting Services.

Dataprise

Dataprise

Dataprise is a leading IT managed services provider offering IT Management and Help Desk Support Services, Cloud Services, Information Security Solution, IT Strategy and Consulting.

RedLegg

RedLegg

RedLegg is a master provider of information security services, a boutique, nimble, old-fashioned customer service company that enjoys the technology battlefield.

Oxford Internet Institute - University of Oxford

Oxford Internet Institute - University of Oxford

The Oxford Internet Institute is a multidisciplinary research and teaching department of the University of Oxford, dedicated to the social science of the Internet.

Enzen

Enzen

Enzen is a global knowledge practice that provides consulting, technology, engineering, operating and innovation services to the energy and utility sectors.

Celebrus

Celebrus

Celebrus Fraud Data Platform, by D4t4 Solutions, works with existing fraud structures to augment functionality and turn fraud management into true fraud prevention.

Beround

Beround

Beround is an IT consultancy firm specialized in software testing.

X-Analytics

X-Analytics

X-Analytics is a cyber risk analytics application to create a better way for organizations to understand and manage cyber risk.

Lighthouse IT

Lighthouse IT

At Lighthouse IT, we are focused on delivering seamless and reliable services to unlock the value of technology for your business.

Technoware Solutions

Technoware Solutions

Technoware Solutions is a global company committed to helping entities navigate the digital waters of modernizing their system processes in an ever changing cybersecurity landscape.