itman
Posted April 21, 2021

Quote

The login names and passwords for 1.3 million current and historically compromised Windows Remote Desktop servers have been leaked by UAS, the largest hacker marketplace for stolen RDP credentials.

With this massive leak of compromised remote access credentials, researchers, for the first time, get a glimpse into a bustling cybercrime economy and can use the data to tie up loose ends on previous cyberattacks.

Network admins will also benefit from a new service launched by cybersecurity firm Advanced Intel called RDPwned that allows organizations to check whether their RDP credentials have been sold in the marketplace.

UAS, the largest marketplace for RDP credentials

UAS, or 'Ultimate Anonymity Services,' is a marketplace that sells Windows Remote Desktop login credentials, stolen Social Security Numbers, and access to SOCKS proxy servers.

What makes UAS stand out is that it is the largest such marketplace, performs manual verification of sold RDP account credentials, offers customer support, and provides tips on how to retain remote access to a compromised computer.

"The market functions partially like eBay - a number of Suppliers work with the market. They have a separate place to log in and upload the RDPs they hacked. The system will then verify them, collect information about each one (os, admin access? internet speed, cpu, memory etc etc), which is added to the listing."

RDPwned: Checking if your RDP is compromised

Vitali Kremez has launched a new service called RDPwned that allows companies and their admins to check if their servers are listed in the database.

https://www.bleepingcomputer.com/news/security/logins-for-13-million-windows-rdp-servers-collected-from-hacker-market/

Nightowl (Most Valued Members)
Posted April 22, 2021 (edited)

I wonder why people open RDP to all, when sometimes it's companies that do that... and even though you are opening it to all and still using a password like

Running unpatched systems that are open to all with weak passwords, that is really bad.

And if it had to be open to all, some products need to be used for protection, like an IPS or some NGFW, and a looooong and complicated password is also needed. I wonder what kind of logic this is.

Firewalls are crying in the corner...

Edited April 22, 2021 by Nightowl