
Logins for 1.3 million Windows RDP servers collected from hacker market


itman

Quote

The login names and passwords for 1.3 million current and historically compromised Windows Remote Desktop servers have been leaked by UAS, the largest hacker marketplace for stolen RDP credentials.

With this massive leak of compromised remote access credentials, researchers, for the first time, get a glimpse into a bustling cybercrime economy and can use the data to tie up loose ends on previous cyberattacks.

Network admins will also benefit from a new service launched by cybersecurity firm Advanced Intel called RDPwned that allows organizations to check whether their RDP credentials have been sold in the marketplace.

UAS, the largest marketplace for RDP credentials

UAS, or 'Ultimate Anonymity Services,' is a marketplace that sells Windows Remote Desktop login credentials, stolen Social Security Numbers, and access to SOCKS proxy servers.

What makes UAS stand out is that it is the largest such marketplace, performs manual verification of sold RDP account credentials, offers customer support, and provides tips on how to retain remote access to a compromised computer.

"The market functions partially like eBay - a number of Suppliers work with the market. They have a separate place to log in and upload the RDPs they hacked. The system will then verify them, collect information about each one (os, admin access? internet speed, cpu, memory etc etc), which is added to the listing."

RDPwned: Checking if your RDP is compromised

Vitali Kremez has launched a new service called RDPwned that allows companies and their admins to check if their servers are listed in the database.

https://www.bleepingcomputer.com/news/security/logins-for-13-million-windows-rdp-servers-collected-from-hacker-market/

Posted (edited)

I wonder why people open RDP to all, when sometimes it's companies that do that... and even though you are opening it to all and still using a password like

[image]

Running unpatched systems that are open to all with weak passwords, that is really bad. :(

And if it had to be open to all, some products need to be used for protection, like an IPS or some NGFW, and a looooong and complicated password is also needed. I wonder what kind of logic is this.

Firewalls are crying in the corner..

Edited by Nightowl

This topic is now closed to further replies.