New Threat Research: Uncovering Adversarial LDAP Tradecraft

Read Threat Research

Search

Stolen Access to Airport Security System for Sale on Darknet for $10

It has been seen that cyber criminals are selling stolen access to RDP (Remote Desktop Protocol) for a major airport at the low price of $10. Researchers were able to use the Shodan engine to discover the correct IP address of the Windows server. After further investigation, the search was narrowed down to three ports. After doing a WHOIS search, it was discovered that the IPs belonged to a major airport.  An admin’s account along with two other accounts were found to be for sale, which would allow access to the airport’s security system, building automation, and video analytics. When access is granted, attackers can move laterally in the network, alter settings, create backdoors, carry out phishing campaigns, and deploy malware. Attacks like this can cause major damage for an organization. As always, strong passwords and 2FA are highly encouraged.