Dark web vendors are now selling remote access to corporate computers for as little as $3 (£2.28). Dark web marketplaces have begun increasingly selling credentials to hacked Remote Desktop Protocol (RDP) servers, which allow hackers to spy on and steal data from companies without using malware.
In case of Windows PCs, RDPs could allow hackers to remotely access a computer and compromise a corporate network, leaving the firm open to potential data breaches, espionage and more. This makes RDPs valuable to cybercriminals.
According to security experts at Flashpoint, RDPs from across the globe are currently up for sale in the popular dark web market Ultimate Anonymity Services (UAS). RDPs being sold were sourced from healthcare, education and government organisations.
"UAS offers SOCKs proxies in addition to over 35,000 brute forced RDPs for sale," Flashpoint researchers said in a blog. "UAS offers RDPs sourced from countries across the world; however, in keeping with Eastern European cybercriminal norms, the shop does not offer RDPs from the Commonwealth of Independent States (CIS)."
Over 7,200 RDPs from China, 6,100 from Brazil, 3,000 from India, 1,300 from Spain and 900 from Colombia were found being sold on UAS. According to the Flashpoint researchers, these countries may have a higher number of exposed RDPs presumably because of "lax cybersecurity hygiene" involving remote connection monitoring. UAS also offers around 300 US-based RDPs, from Virginia, Ohio, Oregon and California.
Regardless of the country of origin, RDPs on UAS were priced between $3 and $10. In comparison, xDedic, yet another dark web market and a competitor of UAS, offered RDPs for over $100 in some cases. "UAS' lower prices may contribute to the growing popularity of the shop among cybercriminals," the Flashpoint researchers said, adding that cybercriminals' interest in UAS "will likely continue growing".