Hackers are Selling Backdoors Into PCs for Just $10

Discussion in '[H]ard|OCP Front Page News' started by Montu, Jul 13, 2018.

  1. Montu

    Montu [H]ard DCOTM x4

    Messages:
    7,461
    Joined:
    Apr 25, 2001
    Just the other day we were talking about military documents on the dark web selling for as little as $200, and today the talk is about hackers selling backdoors into PCs for just $10 on the dark web. This latest offer was discovered when researchers at McAfee Labs looked into the sale of remote desktop protocol access on the dark web. Apparently, there are tens of thousands of compromised systems listed there, and you can buy access if you want. This is a pretty serious issue because you can do just about anything you want to the machine you gain access to. Most of those systems listed are running Windows 2008/2012 Server. Tighten up your security, folks!

    RDP access is a standard tool which allows one user to connect to and control another user's computer over a network. The process is often used for support and administration, but in the wrong hands, RDP can be leveraged with devastating consequences...
     
  2. motomonkey

    motomonkey [H]ard|Gawd

    Messages:
    1,110
    Joined:
    Jan 17, 2009
    That is frankly terrifying.

    Back door access to a place like where I work would be a nightmare: the medical records, including SSNs, next of kin, addresses and phone numbers, financial data, basically everything you need to hijack a person's life, for hundreds of thousands of patients.

    A lot of trust being placed on the shoulders of your IT people.
     
  3. Biznatch

    Biznatch [H]ard|Gawd

    Messages:
    1,915
    Joined:
    Nov 16, 2009
    Except you can't silently RDP to a machine with a user logged in.... It would give them a prompt asking to log off so the other user can log in. A workstation shouldn't be on when not in use, and workstations/servers should NOT have a direct RDP connection that doesn't proxy through some kind of bastion box....
     
  4. nutzo

    nutzo [H]ardness Supreme

    Messages:
    6,805
    Joined:
    Feb 15, 2004
    A few years ago, we used to have a remote desktop connection (terminal server) open to the internet.
    It was limited to a number of people I specifically gave access to.

    I eventually had to disable it due to the huge number of hackers that kept pounding the connection trying to get in.
    There was so much traffic, it was slowing down the server. :eek:
     
  5. katanaD

    katanaD [H]ard|Gawd

    Messages:
    1,262
    Joined:
    Nov 15, 2016
    Onsite servers/workstations that sit behind a firewall should NOT be directly RDP accessible... yet I have seen places that do that... :eek:

    Hosted servers are a bit trickier.
     
  6. Zarathustra[H]

    Zarathustra[H] Pick your own.....you deserve it.

    Messages:
    24,675
    Joined:
    Oct 29, 2000
    I'd even argue "Never run Windows on a Server".

    Except Exchange. You don't really have an option there. But you can run it in a really locked down VM.
     
    Last edited: Jul 13, 2018
    qb4ever likes this.
  7. Cr4ckm0nk3y

    Cr4ckm0nk3y Gawd

    Messages:
    766
    Joined:
    Jul 30, 2009
    Backdoor entry for only $10??? ;)
     
  8. SomeoneElse

    SomeoneElse [H]ard|Gawd

    Messages:
    1,321
    Joined:
    Jan 16, 2007
    It's a never-ending assault... I try to explain this to my wife, but she doesn't really get it or care to understand it. I had to tell her to rethink using her Yahoo account to get her medical emails.
     
  9. Biznatch

    Biznatch [H]ard|Gawd

    Messages:
    1,915
    Joined:
    Nov 16, 2009
    At minimum you should use a bastion box. But it really should require a VPN tunnel in order to RDP.
     
  10. THRESHIN

    THRESHIN 2[H]4U

    Messages:
    2,740
    Joined:
    Sep 29, 2002
    And here I was thinking that my backdoor wasn't worth anything on the open market
     
    lostin3d and auntjemima like this.
  11. Mega6

    Mega6 Gawd

    Messages:
    686
    Joined:
    Aug 13, 2017
    Remote Desktop, Really? Sounds like the front door, garage open with a car and the keys left in it.
     
  12. Mode13

    Mode13 [H]Lite

    Messages:
    85
    Joined:
    Jun 11, 2018
    Were filing cabinets really THAT bad? Why does all of our personal information HAVE to be stored on the computer of every company we do business with? My information is probably in at least thousands of different locations and all it takes is one for my information to all be leaked.
     
  13. _l_

    _l_ Gawd

    Messages:
    970
    Joined:
    Nov 27, 2016
    because all humans are insane from birth
     
  14. auntjemima

    auntjemima Hand Jobs Legend

    Messages:
    3,721
    Joined:
    Mar 1, 2014
    Lots of shoulds in there.
     
  15. JavaLava

    JavaLava n00bie

    Messages:
    44
    Joined:
    Apr 3, 2018
    You would be surprised how many places do... it's terrifying, in fact. RDP hacks are one of the most common hacks going around this year. There is a reason ransomware is becoming more widespread, and one of the most common ways it gets into someone's environment is through RDP.

    There are also tons of admins who enable SSH on internet-facing public interfaces of their equipment for "convenience" and accessibility from home.

    My motto, which I've been spreading around the office when someone proposes an insecure solution: "if you make it easy for you... you make it easy for them (them being the douchebag hackers)".
     
    GoldenTiger likes this.
  16. lostin3d

    lostin3d [H]ard|Gawd

    Messages:
    1,158
    Joined:
    Oct 13, 2016
    I'll never forget the facepalm moment I had when our IT security professor gave us a link to a teenage (13-15 maybe) kid showing users how to bypass W7 login screens to gain access to the user files and reset passwords, just to give us a clue of how much is readily available now. C'mon folks, $10 is still too much if you can spend a little time on the tube. Seriously though, I still find network users to be the hugest risk. The disconnect between humans and personal responsibility for their tech is astounding to me, but then again I still read police reports about cars broken into with the doors unlocked, or with the keys still in them and being stolen altogether.
     
  17. lostin3d

    lostin3d [H]ard|Gawd

    Messages:
    1,158
    Joined:
    Oct 13, 2016
    Montu

    Been wondering if we're getting close to that once-a-year day when Kyle posts all the latest scary security stuff some of us dread. I remember last year's caused me to lose a few hairs for sure. From work computers to home devices to cars, it was a doozy last year, and these recent stories remind me of that.
     
    GoldenTiger likes this.
  18. IndyColtsFan

    IndyColtsFan [H]Lite

    Messages:
    85
    Joined:
    Jul 4, 2017
    Not necessarily true. Many years ago, during the Code Red (IIRC) scare, I placed a honeypot on the Internet and collected the logs. Many idiots had set up Windows servers on the Internet and had used BLANK default admin passwords. I logged into a couple to verify and found that many of these users also had named accounts which they logged into the console or an RDP session with. So, with two RDP sessions allowed and them logged into one with their named account, you could log in with the admin account and they'd never know.
     
  19. Mega6

    Mega6 Gawd

    Messages:
    686
    Joined:
    Aug 13, 2017
    Leaving the RDP port open is an entirely different thing than the latest vulnerability via hack. When working in IT, it is a constant flow from one patch to the next for this or that new hack and how to deal with it. It never ends. The RDP port should be closed automatically via corporate guidelines. Mom-and-pop shops and regular users are just clueless when ports are left open.
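The rule several posters converge on (no direct RDP from the internet, only from a bastion host or through the VPN, and the same for the SSH that JavaLava mentions) is something a firewall or cloud security-group export can be checked against mechanically. The audit below is an added example, not code from the thread or from any firewall vendor: the rule schema (`name`, `protocol`, `from_port`, `to_port`, `source`), the sample rule set and the bastion/VPN ranges are all constructed for the example. It flags admin ports reachable from the whole internet, admin ports reachable from a source range wider than the bastion networks, and the easily missed case of a wide port range that happens to contain 3389; it then rewrites the offending rules so that a second audit comes back clean.

```python
"""Audit inbound firewall / security-group rules for RDP and SSH reachable from
anywhere other than a bastion or VPN range, and rewrite the offenders.
Constructed example, not code from the thread; the rule schema below is our
own simplified shape (assumed), not any vendor's export format."""
import ipaddress

# admin services this audit cares about: port -> (label, transports that carry it)
ADMIN_PORTS = {3389: ("RDP", {"tcp", "udp"}),   # RDP has used UDP 3389 alongside TCP since Windows 8 / Server 2012
               22: ("SSH", {"tcp"})}

SAMPLE_RULES = [   # constructed rule set, not from any real environment
    {"name": "rdp-from-anywhere", "protocol": "tcp", "from_port": 3389, "to_port": 3389,  "source": "0.0.0.0/0"},
    {"name": "rdp-udp-anywhere",  "protocol": "udp", "from_port": 3389, "to_port": 3389,  "source": "0.0.0.0/0"},
    {"name": "dev-range",         "protocol": "tcp", "from_port": 3000, "to_port": 4000,  "source": "198.51.100.0/24"},
    {"name": "ssh-v6-anywhere",   "protocol": "tcp", "from_port": 22,   "to_port": 22,    "source": "::/0"},
    {"name": "rdp-corp-lan",      "protocol": "tcp", "from_port": 3389, "to_port": 3389,  "source": "10.0.0.0/8"},
    {"name": "rdp-from-bastion",  "protocol": "tcp", "from_port": 3389, "to_port": 3389,  "source": "10.0.1.0/24"},
    {"name": "https-public",      "protocol": "tcp", "from_port": 443,  "to_port": 443,   "source": "0.0.0.0/0"},
    {"name": "any-from-vpn",      "protocol": "any", "from_port": 0,    "to_port": 65535, "source": "10.0.2.0/24"},
]
BASTION_SOURCES = ["10.0.1.0/24", "10.0.2.0/24"]   # assumed bastion subnet and VPN address pool


def _inside_allowlist(src, allowed):
    """True when the whole source range sits inside one bastion/VPN network."""
    return any(src.version == net.version and src.subnet_of(net) for net in allowed)


def audit_inbound(rules, bastion_sources):
    """(rule name, service, port, reason) for every rule that lets an admin port
    be reached from outside the bastion/VPN networks."""
    allowed = [ipaddress.ip_network(c) for c in bastion_sources]
    findings = []
    for r in rules:
        src = ipaddress.ip_network(r["source"])
        proto = r["protocol"].lower()
        for port, (service, transports) in ADMIN_PORTS.items():
            if not (r["from_port"] <= port <= r["to_port"]):
                continue                      # the wide 3000-4000 "dev" range still catches 3389 here
            if proto != "any" and proto not in transports:
                continue
            if src.prefixlen == 0:            # 0.0.0.0/0 or ::/0
                findings.append((r["name"], service, port, "open to the entire internet"))
            elif not _inside_allowlist(src, allowed):
                findings.append((r["name"], service, port,
                                 f"source {src} is wider than the bastion/VPN networks"))
    return findings


def restrict_to_bastion(rules, bastion_sources):
    """Return a rule set where each offending rule is replaced by one copy per
    bastion/VPN network; every other rule passes through unchanged."""
    offenders = {f[0] for f in audit_inbound(rules, bastion_sources)}
    fixed = []
    for r in rules:
        if r["name"] in offenders:
            fixed.extend({**r, "source": cidr} for cidr in bastion_sources)
        else:
            fixed.append(r)
    return fixed


if __name__ == "__main__":
    for finding in audit_inbound(SAMPLE_RULES, BASTION_SOURCES):
        print("FINDING", *finding)
    print("after fix:", audit_inbound(restrict_to_bastion(SAMPLE_RULES, BASTION_SOURCES), BASTION_SOURCES))
```

The rewrite only narrows the source; a rule like the 3000-4000 range should also have its port span cut down, and a bastion that is itself reachable on 3389 from the internet just moves the problem one hop. The audit is a check that the guideline is actually in force, not a substitute for putting the RDP listener behind the VPN in the first place.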