Russian Service Rents Access To Hacked Corporate PCs

Service provides stolen remote desktop protocol credentials, letting buyers remotely log in to corporate servers and PCs, bypassing numerous security defenses.

11 Security Sights Seen Only At Black Hat (click image for larger view and for slideshow)
Want to infiltrate a business? An online service sells access credentials for some of the worlds biggest enterprises, enabling buyers to bypass security defenses and remotely log on to a server or PC located inside a corporate firewall.
That finding comes by way of a new
report
from information security reporter Brian Krebs, whos discovered a Russian-language service that traffics in stolen
Remote Desktop Protocol
(RDP) credentials. RDP is a proprietary Microsoft standard that allows for a remote computer to be controlled via a graphical user interface.
The RDP-renting service, dubbed Dedicatexpress.com, uses the tagline The whole world in one service and is advertised on multiple underground cybercrime forums. It serves as an online marketplace, linking RDP-credential buyers and sellers, and it currently offers access to 17,000 PCs and servers worldwide.
[ Do the recent U.S. bank hacks represent the new face of cyberwar? See
Bank Hacks: Iran Blame Game Intensifies
. ]
Heres how Dedicatexpress.com works: Hackers submit their stolen RDP credentials to the service, which pays them a commission for every rental. According to a screen grab published by Krebs, the top submitters are lopster, with 12,254 rentals, followed by _sz_, with 6,645 rentals. Interestingly, submitters can restrict what the machines may be used for--for example, specifying that machines arent to be used to run online gambling operations or PayPal scams, or that they cant be run with administrator-level credentials.
New users pay $20 to join the site, after which they can search for available PC and server RDP credentials. Rental prices begin at just a few dollars and vary based on the machines processor speed, upload and download bandwidth, and the length of time that the machine has been consistently available online.
According to Krebs, the sites managers have said they wont traffic in Russian RDP credentials, suggesting that the sites owners are based in Russia and dont wish to antagonize
Russian authorities
. According to security experts, Russian law enforcement agencies typically turn a blind eye to cybercrime gangs operating inside their borders, providing they dont target Russians, and that these gangs in fact occasionally assist authorities.
When reviewing the Dedicatexpress.com service, Krebs said he quickly discovered that access was being rented, for $4.55, to a system that was listed in the Internet address space assigned to Cisco, and that several machines in the IP address range assigned to Microsofts managed hosting network were also available for rent. In the case of Cisco, the RDP credentials--username and password--were both Cisco. Krebs reported that a Cisco source told him the machine in question was a bad lab machine.
As the Cisco case highlights,
poor username and password combinations
, combined with
remote-control applications
, give attackers easy access to corporate networks.
Still, even complex usernames and passwords may not stop attackers. Since Dedicatexpress.com was founded in 2010, its offered access to about 300,000 different systems in total, according to Krebs. Interestingly, 2010 was the same year that security researchers first
discovered the Georbot Trojan application
, which scans PCs for signs that remote-control software has been installed and then captures and transmits related credentials to attackers. Earlier this year, security researchers at ESET found that when a Georbot-infected PC was unable to contact its designated
command-and-control server
to receive instructions or transmit stolen data, it instead contacted a server based in the country of Georgia.
When it comes to built-in remote access to Windows machines, RDP technology was first included in the Windows XP Professional--but not Home--version of the operating system, and it has been included in every edition of Windows released since then. The current software is dubbed
Remote Desktop Services
(for servers) and Remote Desktop Connection (for clients).
Might
Windows 8 security improvements
help prevent unauthorized people from logging onto PCs using stolen remote desktop protocol credentials? Thats not likely, since Microsofts new operating system--
set to debut
later this week--includes the latest version, Remote Desktop Protocol 8.0, built in.
Microsoft has also released a free Windows 8
Remote Desktop application
, filed in the productivity section of Windows Store. According to Microsoft, the new Metro-style Remote Desktop app enables you to conveniently access your PC and all of your corporate resources from anywhere.
As many of you already know, a salient feature of Windows Server 2012 and Windows 8 is the ability to deliver a rich user experience for remote desktop users on corporate LAN and WAN networks, read a recent
blog post
from Shanmugam Kulandaivel, a senior program manager in Microsofts Remote Desktop Virtualization team.
Despite such capabilities now being built into numerous operating systems--including Linux and Mac OS X--many security experts recommend deactivating or removing such tools when theyre not needed. Personally, I am a big fan of uninstalling unnecessary software, and it is always sound advice to minimize ones software footprint and related attack surface, said Wolfgang Kandek, CTO of Qualys. He made those comments earlier this year, after the source code for Symantecs pcAnywhere Windows remote-access software was
leaked to the Internet by hacktivists
. Security experts were concerned that attackers might discover an exploitable zero-day vulnerability in the remote-access code, which would allow them to remotely access any machine that had the software installed.
A security information and event management system serves as a repository for all the security alerts and logging systems from a firms devices. But this can be overkill for a company that is understaffed or has overestimated its security information needs. In our report,
Does SIEM Make Sense For Your Company?
, we discuss 10 questions to ask yourself in determining whether SIEM makes sense for you--and how to pick the right system if it does. (Free registration required.)

Last News
▸ ArcSight prepares for future at user conference post HP acquisition. ◂ Discovered: 07/01/2025 Category: security	▸ Samsung Epic 4G: First To Use Media Hub ◂ Discovered: 07/01/2025 Category: security	▸ Many third-party software fails security tests ◂ Discovered: 07/01/2025 Category: security

**Cyber Security Categories**
Google Dorks Database	Exploits Vulnerability	Exploit Shellcodes

CVE List

Tools/Apps

News/Aarticles

Phishing Database

Deepfake Detection

Trends/Statistics & Live Infos

Tags:
Russian Service Rents Access To Hacked Corporate PCs