Security News RDP Ports Prove Hot Commodities on the Dark Web

LASER_oneXM

Feb 4, 2016
There are many actions a threat actor can take with RDP access (credential harvesting, account takeover, cryptocurrency mining among them) and it's easier for them to launch these threats if they have access to an RDP port. Skilled attackers often find the ports themselves by scanning infrastructure exposed to the Internet and using brute force to access open ports. Automated tools and the Shodan search engine help them find systems configured for RDP access online.

Still, many threat actors of all skill levels buy RDP access on the Dark Web, where the ports are hot commodities, as are tools to delete attackers' activity once their work is done.

"If I get access to a server, to RDP, I can just launch the Web browser that's built in and download anything and everything I want to build on that system," says Wisniewski. It doesn't take an advanced attacker to abuse RDP; as he puts it, "even the dumbest criminal" can do a reasonable amount of damage.