Security experts have found that Dark web vendors are now selling remote access to corporate computers for as little as $3 (£2.28). Dark web marketplaces have begun increasingly selling credentials to hacked Remote Desktop Protocol (RDP) servers, which allow hackers to spy on and steal data from companies without using malware. Tyler Reguly, Manager of Security Research and Development at Tripwire commented below.
Tyler Reguly, Manager of Security Research and Development at Tripwire:
“There is a reason that PCI ASVs are required to include a special note upon discovery of remote access software when performing quarterly scans for customers, this level of access can often give you the keys to the Kingdom. PCI Scan Customers are required to justify the business need of having this software accessible via the Internet and, in many cases, I suspect that a valid business need would be hard to find. Any remote access service should be considered a risk, but those giving access to a corporate network should be handled with extra care. Attackers are constantly working to gain access to new systems to use to mask their identity, to gather data, or just to spread their tools across more hosts. Looking at one of my personal servers, I’m seeing 2252 access attempts in a 24-hour window. This is just a random IP on the Internet, imagine how much more interesting a corporate environment would be. Any business should look critically at their infrastructure and determine if they truly require internet facing remote access services. The first choice for this type of access should always be a VPN, any sort of terminal or console access should only be considered if the possibility of a VPN is unavailable. Additionally, and this is the most important thing to remember, regardless of the choice of remote access, it should always use two-factor authentication (2FA). It doesn’t matter if employees complain, if the service doesn’t seem important enough for the investment, or if you’re only setting it up “temporarily” (we all know it’ll become permanent), 2FA ensures that weak or leaked passwords will not lead to organizational compromise. If you’re still on the fence about implementing 2FA or making an investment, consider this. When parents head out for the evening, they don’t leave their child home alone and say, “Well, we locked the door, they’ll be fine.” They hire a babysitter, leave contact details and emergency numbers, and then, as they’re leaving, they lock the door. Think of 2FA as your babysitter, ensuring that the door remains locked and everything stays safe.”
The opinions expressed in this post belongs to the individual contributors and do not necessarily reflect the views of Information Security Buzz.