Cyber criminals are selling stolen RDP (Remote Desktop Protocol) access to a major airport for the low price of $10. Researchers were able to use the Shodan search engine to discover the IP address of the Windows server. Further investigation narrowed the search down to three ports, and a WHOIS lookup showed that the IPs belonged to a major airport. An admin’s account and two other accounts were found to be for sale, which would allow access to the airport’s security system, building automation, and video analytics. Once access is granted, attackers can move laterally in the network, alter settings, create backdoors, carry out phishing campaigns, and deploy malware. Attacks like this can cause major damage to an organization. As always, strong passwords and 2FA are highly encouraged.