Sophos enterprise solutions updating dating epiphone sheraton
Unfortunately, far too many organizations that end up for sale on services like this one are there because they outsourced their tech support to some third-party company that engages in this sort of sloppy security.Fortunately, a quick external port scan of your organization’s Internet address ranges should tell you if any RDP-equipped systems are enabled.Here are a few more tips on locking down RDP installations.Readers who liked this story may also enjoy this piece — Service Sells Access to Fortune 500 Firms — which examined a similar service for selling hacked RDP systems.
Once they have a focused target list of Internet addresses with open remote administration ports, they can move on to the next part of the attack: The number 2 most-exploited weakness: deafult/weak credentials.” In case the point wasn’t clear enough yet, I’ve gathered all of the username and password pairs picked by all 430 RDP-enabled systems that were sold to this miscreant.
I took the Internet addresses in this customer’s purchase history and ran WHOIS database lookups on them all in a bid to learn more about the victim organizations.
As expected, roughly three-quarters of those addresses told me nothing about the victims; the addresses were assigned to residential or commercial Internet service providers.
As evidenced by the list below, the attackers simply needed to scan the Internet for hosts listening on port 3389 (Microsoft RDP), identify valid usernames, and then try the same username as the password.
In each of the following cases, the username and password are the same.
Makost currently is selling access to more than 6,000 compromised RDP installations worldwide.