The machines have been compromised because they have weak RDP passwords

Oct 22, 2012 09:31 GMT  ·  By

Security professionals have often warned about the risks posed by using the Remote Desktop Protocol (RDP) service without making sure that it’s properly secured. As it turns out, cybercriminals are relying on the service to compromise machines and sell access to them via underground markets.

Security journalist Brian Krebs stumbled upon a Russian website called dedicatexpress.com, which claims to sell access to around 17,000 computers from all around the world. It seems that all of these machines have been compromised because their owners failed to set strong RDP passwords, allowing the attackers to easily take them over.

Dedicatexpress.com offers its services to anyone who is willing to contact the owner via instant messaging and pay a registration fee of $20 (15 EUR).

The prices for the actual hijacked servers vary depending on the machine’s performance and the length of time it can be utilized for.

While such services may not be that uncommon these days, considering that the cybercriminal underground markets are flourishing, the most interesting fact is that some of the servers put up for sale are actually housed by Fortune 500 companies.

By leveraging the feature which allows customers to choose their servers based on certain IP address ranges (in case they want access to a specific company’s systems), Krebs found that even a computer owned by Cisco was on sale for only $4.55 (3.5 EUR).

In case you were wondering how this could have happened, the username for the RDP service was "Cisco" and the password was also "Cisco."

Cisco representatives have admitted that the machine was in fact theirs. Although they have claimed it was a “bad lab machine,” and although many security solutions providers had already blacklisted it for malicious activities, that doesn’t make the situation any brighter.

The fact remains that many high-profile companies have computers that cybercriminals easily and freely use to host malware and send out spam.