Access to an airport security system can cost as little as $10.
That’s what cybersecurity giant McAfee found during its investigation into underground and nefarious hacker marketplaces on the internet, commonly known as the Dark Web.
The access rights were sold via a Russian Remote Desktop Protocol (RDP) shop, McAfee’s Advanced Threat Research team discovered. RDP is a proprietary Microsoft protocol that allows an administrator to remotely access a PC. “Something great for solving IT challenges, but potentially devastating if in the wrong hands,” McAfee said in a statement.
These RDP “shops” are exploding on the Dark Web via Ultimate Anonymity Service (UAS), a Russian business, McAfee added.
Criminals, like the notorious SamSam group that crippled city systems in Atlanta, favor RDP because they don’t need to engage in phishing campaigns or worry about antimalware defenses.
Windows 2008 and 2012 Server were the most common systems for sale at RDP shops, with over 17,000 available, McAfee said. Prices ranged from around $3 for a basic configuration to $19 for a higher performance system that offers administrator rights.
By using the connections offered by RDP shops, McAfee was able to quickly find a “high-value target” in the U.S. In this case, a Windows Server system that was affiliated with a city in the U.S. The sale price with administrator rights: $10.
A closer look by McAfee researchers revealed that some of the system’s accounts were connected to a major international airport.
“After performing several open-source searches we found that [some of] the accounts were associated with two companies specializing in airport security; one in security and building automation, the other in camera surveillance and video analytics,” the report said.
The writing is on the wall, McAfee explained. Notorious attackers, like the SamSam group that wreaked havoc in Atlanta, could use an RDP shop to gain access to one of these systems. That Atlanta attack brought the court system and the Atlanta Police Department to its knees.
The attackers don’t have to conduct elaborate malware campaigns to get inside an airport security system.
“Cybercriminals like the SamSam group only have to spend an initial $10 dollars to get access and are charging $40K ransom for decryption, not a bad return on investment,” McAfee said.