Facepalm: One airport dodged a major security bullet when it was informed by McAfee Advanced Threat Research that hackers were selling credentials to its systems on the dark web. Airport officials confirmed the validity of the login information after being notified and have since resolved the breach.
The airport (McAfee withheld its name for obvious reasons) said that the credentials were used to log into its remote desktop protocol (RDP). It uses RDP to allow employees to access specific systems from outside the LAN.
The login info was being offered on an RDP web shop hosted on the dark web. McAfee says these shops are a common and growing problem that companies are generally oblivious to. It points out that part of the problem is firms have been slow to adopt two-factor authentication — a measure that could thwart this type of breach.
The airport is unsure how the credentials got out, but McAfee analysts think a brute-force technique was likely used to “guess” the login information. They say this is a very common method hackers use to gain this type of data when they are just looking to turn a quick buck on the dark web. They will try brute force on hundreds or even thousands of systems hoping to turn something up, and then sell it for profit. This particular set of credentials was being offered up for just $10. It is unknown how many individuals bought the information.
"Attackers simply scan the Internet for systems that accept RDP connections and launch a brute-force attack with popular tools such as, Hydra, NLBrute or RDP Forcer to gain access."
McAfee adds that in addition to the airport, it found several other organizations being offered in the RDP shop including government computers.
“We also came across multiple government systems [US and others] being sold worldwide,” the researchers said. “[It also had] dozens of connections linked to health care institutions, from hospitals and nursing homes to suppliers of medical equipment.”
The lesson here is “secure your RDP systems.” This should be a no-brainer, but considering the fact that even government systems were found compromised shows that a lot of high-level IT personnel need to up their game.