Hackers are Selling Backdoors Into PCs for Just $10

DooKey ([H]F Junkie, joined Apr 25, 2001, 13,500 messages)
Just the other day we were talking about military documents on the dark web selling for as little as $200, and today the talk is about hackers selling backdoors into PCs for just $10 on the dark web. This latest offer was discovered when researchers at McAfee Labs looked into the sale of remote desktop protocol access on the dark web. Apparently, there are tens of thousands of compromised systems listed there, and you can buy access if you want. This is a pretty serious issue because you can do just about anything you want to the machine you gain access to. Most of those systems listed are running Windows 2008/2012 Server. Tighten up your security, folks!

RDP access is a standard tool which allows one user to connect to and control another user's computer over a network. The process is often used for support and administration, but in the wrong hands, RDP can be leveraged with devastating consequences...
 

That is frankly terrifying.

Back door access to a place like where I work would be a nightmare: the medical records, including SSN, next of kin, addresses and phone numbers, financial data, basically everything you need to hijack a person's life, for hundreds of thousands of patients.

Lot of trust being placed on the shoulders of your IT people.
 
Except you can't silently RDP to a machine with a user logged in.... It would give them a prompt asking to log off so the other user can log in. A workstation shouldn't be on when not in use, and workstations/servers should NOT have a direct RDP connection that doesn't proxy through some kind of bastion box....
 
A few years ago, we used to have a remote desktop connection (terminal server) opened to the internet.
It was limited to a number of people I specifically gave access to.

I eventually had to disable it due to the huge number of hackers that kept pounding the connection trying to get in.
There was so much traffic, it was slowing down the server. :eek:
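A detection you could run against the server's Security log in the situation described in the post above (an internet-exposed RDP listener being pounded by password guessing). This is an added example, not code from the thread or from McAfee: it reads constructed Windows Security events (4625 = failed logon, 4624 = successful logon), counts RDP-type failures per source address in a sliding window, and flags a later successful RDP logon from a source that was guessing, which is what a sold "$10 backdoor" looks like in the log. The one-line log format, the threshold and window, and the sample addresses and account names are all assumptions.

```python
"""Spot RDP password guessing, and a guess that worked, in Windows Security
events. Added example; the log lines below are constructed, and the one-line
format (timestamp, event ID, key=value fields) is an assumption standing in
for a SIEM/wevtutil export. Event 4625 = failed logon, 4624 = successful logon;
logon type 10 = RemoteInteractive (RDP), type 3 = network, which is how NLA's
CredSSP pre-authentication failures show up."""
from collections import defaultdict
from datetime import datetime, timedelta

RDP_LOGON_TYPES = {3, 10}
WINDOW = timedelta(minutes=5)   # sliding window for counting failures (assumed)
THRESHOLD = 5                   # failures per source inside the window (assumed)

# Constructed sample: one attacker guessing admin accounts and then getting in,
# one legitimate user mistyping once, one console logon that is not RDP at all.
SAMPLE_LOG = """\
2018-07-10T02:00:01Z 4625 LogonType=3 Account=administrator Src=198.51.100.7
2018-07-10T02:00:03Z 4625 LogonType=3 Account=admin Src=198.51.100.7
2018-07-10T02:00:04Z 4625 LogonType=3 Account=Administrator Src=198.51.100.7
2018-07-10T02:00:06Z 4625 LogonType=3 Account=administrator Src=198.51.100.7
2018-07-10T02:00:09Z 4625 LogonType=3 Account=sysadmin Src=198.51.100.7
2018-07-10T02:00:12Z 4625 LogonType=3 Account=administrator Src=198.51.100.7
2018-07-10T02:01:40Z 4624 LogonType=10 Account=administrator Src=198.51.100.7
2018-07-10T08:15:00Z 4625 LogonType=10 Account=jsmith Src=10.0.8.21
2018-07-10T08:15:20Z 4624 LogonType=10 Account=jsmith Src=10.0.8.21
2018-07-10T09:00:00Z 4624 LogonType=2 Account=jsmith Src=-
"""


def parse_event(line):
    """One log line -> dict with parsed timestamp, event ID and fields."""
    ts, event_id, *fields = line.split()
    kv = dict(f.split("=", 1) for f in fields)
    return {
        "time": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
        "id": int(event_id),
        "logon_type": int(kv["LogonType"]),
        "account": kv["Account"].lower(),   # Windows account names are case-insensitive
        "src": kv["Src"],
    }


def analyze(log_text, threshold=THRESHOLD, window=WINDOW):
    """Return brute-force sources, the accounts they tried, and any later
    successful RDP logon from one of those sources."""
    events = sorted((parse_event(l) for l in log_text.splitlines() if l.strip()),
                    key=lambda e: e["time"])
    recent = defaultdict(list)        # src -> failure times inside the window
    guessed = defaultdict(set)        # src -> account names attempted
    brute_force = {}                  # src -> peak failures seen in one window
    success_after_attack = []         # (src, account, ISO time)

    for e in events:
        if e["logon_type"] not in RDP_LOGON_TYPES:
            continue                  # console/service logons are not RDP
        src = e["src"]
        if e["id"] == 4625:
            q = recent[src]
            q.append(e["time"])
            while q and e["time"] - q[0] > window:
                q.pop(0)              # expire failures older than the window
            guessed[src].add(e["account"])
            if len(q) >= threshold:
                brute_force[src] = max(brute_force.get(src, 0), len(q))
        elif e["id"] == 4624 and src in brute_force:
            # A successful RDP logon from a source that was guessing passwords
            # is the event that matters: the box now belongs to someone else.
            success_after_attack.append((src, e["account"], e["time"].isoformat()))

    return {
        "brute_force": brute_force,
        "guessed_accounts": {s: sorted(a) for s, a in guessed.items() if s in brute_force},
        "success_after_attack": success_after_attack,
    }


if __name__ == "__main__":
    for key, value in analyze(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

On the sample above the analysis reports 198.51.100.7 as a brute-force source, lists the three account names it cycled through, and flags the type-10 success at 02:01:40 from the same address; the single mistyped password from 10.0.8.21 stays below the threshold. With NLA enabled the failures arrive as logon type 3 rather than 10, which is why both types are counted.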
 
Onsite servers/workstations that sit behind a firewall should NOT be directly RDP accessible... yet I have seen places that do that... :eek:

Hosted servers are a bit trickier.
 
I'd even argue "Never run Windows on a Server".

Except Exchange. You don't really have an option there. But you can run it in a really locked-down VM.
 
It's a never-ending assault... I try to explain this to my wife, but she doesn't really get it or care to understand it. I had to tell her to rethink using her Yahoo account to get her medical emails.
 
Onsite servers/workstations that sit behind a firewall should NOT be directly RDP accessible... yet I have seen places that do that... :eek:

Hosted servers are a bit trickier.

At minimum you should use a bastion box. But it really should require a VPN tunnel in order to RDP.
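A check for the point made in the reply above and in the earlier "bastion box" reply: whether the host firewall lets TCP/3389 in from anywhere other than the VPN pool and the jump host. This is an added example, not code from the thread. The rule sets are constructed in the shape of a Windows firewall export (the built-in "Remote Desktop - User Mode (TCP-In)" rule with a remote scope of Any, the same rule with a couple of scanner ranges blocked, and the same rule scoped to the management subnets); the subnets, the block-rule name and the management networks are assumptions.

```python
"""Does the host firewall leave TCP/3389 reachable from outside the VPN pool
and the bastion host? Added example, not from the thread. The rules are
constructed in the shape of a Windows firewall export (name, direction,
action, protocol, local port, remote address scope); subnets, the block-rule
name and the management networks are assumptions."""
import ipaddress

# Where admin sessions are supposed to come from (assumed): the VPN client
# pool and the bastion/jump host. Anything else that can reach 3389 is exposure.
MANAGEMENT_NETS = ["10.200.0.0/24", "10.0.1.5/32"]

RULE_NAME = "Remote Desktop - User Mode (TCP-In)"   # the built-in Windows rule


def _rule(name, action, remote, port="3389"):
    return {"name": name, "direction": "Inbound", "action": action,
            "protocol": "TCP", "local_port": port, "remote_address": remote,
            "enabled": True}


# What ticking "enable Remote Desktop" gives you: remote scope Any.
RULES_WEAK = [_rule(RULE_NAME, "Allow", "Any")]

# Blocking the scanner ranges you happened to notice does not change the picture.
RULES_PARTIAL_BLOCK = [_rule(RULE_NAME, "Allow", "Any"),
                       _rule("Block noisy scanners", "Block", "198.51.100.0/24")]

# The same built-in rule with its remote scope limited to the management nets.
RULES_HARDENED = [_rule(RULE_NAME, "Allow", "10.200.0.0/24,10.0.1.5")]


def parse_scope(remote):
    """Turn a firewall RemoteAddress value (Any, CIDR, host, a-b range, comma
    separated) into a list of ip_network objects."""
    if remote.strip().lower() in ("any", "*", ""):
        return [ipaddress.ip_network("0.0.0.0/0"), ipaddress.ip_network("::/0")]
    nets = []
    for item in remote.split(","):
        item = item.strip()
        if "-" in item:                      # a-b range, as Windows allows
            lo, hi = (ipaddress.ip_address(x) for x in item.split("-", 1))
            nets.extend(ipaddress.summarize_address_range(lo, hi))
        else:
            nets.append(ipaddress.ip_network(item, strict=False))
    return nets


def subtract(nets, minus):
    """Parts of `nets` not covered by any network in `minus` (set difference).
    Two CIDR blocks that overlap always nest, so each step is drop/keep/split."""
    result = list(nets)
    for m in minus:
        nxt = []
        for n in result:
            if n.version != m.version or not n.overlaps(m):
                nxt.append(n)                        # disjoint: untouched
            elif n.subnet_of(m):
                continue                             # fully covered: drop
            else:
                nxt.extend(n.address_exclude(m))     # m inside n: keep the rest
        result = nxt
    v4 = [n for n in result if n.version == 4]
    v6 = [n for n in result if n.version == 6]
    return list(ipaddress.collapse_addresses(v4)) + list(ipaddress.collapse_addresses(v6))


def _rdp_rules(rules, action):
    for r in rules:
        if (r["enabled"] and r["direction"] == "Inbound" and r["action"] == action
                and r["protocol"] in ("TCP", "Any") and r["local_port"] in ("3389", "Any")):
            yield r


def rdp_exposure(rules, management_nets=MANAGEMENT_NETS):
    """Map each RDP allow rule to the address space it exposes 3389 to, i.e. its
    remote scope minus the management nets and minus every block rule (block
    rules win over allow rules, as in Windows Firewall). Empty dict = restricted."""
    trusted = [ipaddress.ip_network(n) for n in management_nets]
    blocked = [n for r in _rdp_rules(rules, "Block") for n in parse_scope(r["remote_address"])]
    findings = {}
    for r in _rdp_rules(rules, "Allow"):
        uncovered = subtract(parse_scope(r["remote_address"]), trusted + blocked)
        if uncovered:
            findings[r["name"]] = [str(n) for n in uncovered]
    return findings


def exposed_to(findings, ip):
    """True if `ip` can reach RDP according to the output of rdp_exposure()."""
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(n) for nets in findings.values() for n in nets)


if __name__ == "__main__":
    for label, rules in (("weak", RULES_WEAK), ("partial block", RULES_PARTIAL_BLOCK),
                         ("hardened", RULES_HARDENED)):
        f = rdp_exposure(rules)
        print(f"{label}: {'restricted to management nets' if not f else f}")
```

The weak and partial-block rule sets both come back exposed to an arbitrary public address (and to all of IPv6, because Any covers both families); only the scoped rule restricts 3389 to the VPN pool and the jump host. Scoping the firewall rule is the host-side half of the advice; the other half is that the VPN or bastion is the only thing with a route to that port in the first place.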
 
Remote Desktop, Really? Sounds like the front door, garage open with a car and the keys left in it.
 
Were filing cabinets really THAT bad? Why does all of our personal information HAVE to be stored on the computer of every company we do business with? My information is probably in at least thousands of different locations and all it takes is one for my information to all be leaked.
 
Except you can't silently RDP to a machine with a user logged in.... It would give them a prompt asking to log off so the other user can log in. A workstation shouldn't be on when not in use, and workstations/servers should NOT have a direct RDP connection that doesn't proxy through some kind of bastion box....

Lots of shoulds in there.
 
Onsite servers/workstations that sit behind a firewall should NOT be directly RDP accessible... yet I have seen places that do that... :eek:

Hosted servers are a bit trickier.

You will be surprised how many places do... it's terrifying, in fact. RDP hacks are one of the most common hacks going around this year. There is a reason why ransomware is becoming more widespread, and one of the most common ways it gets into someone's environment is through RDP.

There are also tons of admins who enable SSH on internet-facing public interfaces of their equipment for "convenience" and accessibility from home.

My motto, which I've been spreading around the office when someone proposes an insecure solution: "If you make it easy for you... you make it easy for them" (them being the douchebag hackers).
 
I'll never forget the facepalm moment I had when our IT security professor gave us a link to a teenage (13-15 maybe) kid showing users how to bypass W7 login screens to gain access to the user files and reset passwords, just to give us a clue of how much is readily available now. C'mon folks, $10 is still too much if you can spend a little time on the tube. Seriously though, I still find network users to be the biggest risk. The disconnect between humans and personal responsibility for their tech is astounding to me, but then again I still read police reports about cars broken into with the doors unlocked or the keys still in them and being stolen altogether.
 
Montu

Been wondering if we're getting close to that once-a-year day when Kyle posts all the latest scary security stuff some of us dread. I remember last year's caused me to lose a few hairs for sure. From work computers to home devices to cars, it was a doozy last year, and these recent stories remind me of that.
 
Except you can't silently RDP to a machine with a user logged in.... It would give them a prompt asking to log off so the other user can log in.

Not necessarily true. Many years ago, during the Code Red (IIRC) scare, I placed a honeypot on the Internet and collected the logs. Many idiots had set up Windows servers on the Internet and had used BLANK default admin passwords. I logged into a couple to verify and found that many of these users also had named accounts which they logged into the console or an RDP session with. So, with two RDP sessions allowed and them logged into one with their named account, you could log in with the admin account and they'd never know.
 
Leaving an RDP port open is an entirely different thing than the latest vulnerability via hack. When working in IT, it is a constant flow from and to the next patch for this or that new hack and how to deal with it. It never ends. The RDP port should be closed automatically via corporate guidelines. Mom-and-pop shops and regular users are just clueless when ports are left open.
 