
Hackers are selling access to critical airport systems for $10

Digital security is on the mind of every company that owns any device more modern than a typewriter these days, and for good reason. A breach of information can be catastrophic for customers and for a business’s reputation, and it’s hard to think of a more appealing target than an airport. Some handle not only hundreds of flights per day but also the personal information of hundreds of thousands of passengers.

A new report from McAfee presents troubling research on the prevalence of remote desktop protocol (RDP) attacks, which yield credentials that let anyone with a Tor connection and a Bitcoin wallet remotely connect to a system. The research highlights compromised internal systems of an unnamed airport, but the overall message is that remote logins for millions of machines are now a commodity — and a cheap one at that.

The headline scary thing is that McAfee’s researchers found logins for sale for just $10 that granted access to an airport’s building security (say, door locks) and video surveillance tools, as well as something related to the inter-terminal transit system. The implications are obviously terrifying — there’s no point in access badges if some guy with a remote desktop session can just unlock the doors — but what’s worse is how hackers are able to sell the exploits in the first place.

“Attackers simply scan the Internet for systems that accept RDP connections and launch a brute-force attack with popular tools such as Hydra, NLBrute or RDP Forcer to gain access,” the report says. “These tools combine password dictionaries with the vast number of credentials stolen in recent large data breaches.”
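For defenders, the brute-force pattern the report describes shows up in Windows Security logs as a burst of failed logons (event 4625) from one source, sometimes ending in a success (event 4624). The following detection sketch is an added example, not code from the McAfee report or this article; the comma-separated export format, the sample records, and the threshold and window values are all assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample: time, Windows Security event ID, logon type, source IP, account.
# 4625 = failed logon, 4624 = successful logon; type 10 = RemoteInteractive (RDP),
# type 3 = Network (how failed RDP logons are recorded when NLA is enabled).
SAMPLE = """\
2018-07-11T02:14:01,4625,3,203.0.113.50,administrator
2018-07-11T02:14:03,4625,3,203.0.113.50,admin
2018-07-11T02:14:05,4625,3,203.0.113.50,backup
2018-07-11T02:14:08,4625,3,203.0.113.50,scanner
2018-07-11T02:14:11,4625,3,203.0.113.50,administrator
2018-07-11T02:14:15,4624,10,203.0.113.50,administrator
2018-07-11T08:30:00,4625,10,198.51.100.7,jsmith
2018-07-11T08:30:20,4624,10,198.51.100.7,jsmith
"""

def detect_rdp_bruteforce(text, threshold=5, window=timedelta(minutes=5)):
    """Return {source_ip: finding} for sources with >= threshold failures in window.

    Records must be in time order. 'compromised' names the first account that
    logged on successfully from that source right after the failure burst.
    """
    recent = defaultdict(deque)  # source IP -> failure timestamps inside the window
    findings = {}
    for line in text.strip().splitlines():
        stamp, event_id, logon_type, ip, account = line.split(",")
        ts = datetime.fromisoformat(stamp)
        if logon_type not in ("3", "10"):
            continue  # ignore local, service and batch logons
        if event_id == "4625":
            q = recent[ip]
            q.append(ts)
            while ts - q[0] > window:  # drop failures older than the window
                q.popleft()
            if len(q) >= threshold:
                f = findings.setdefault(ip, {"failures": 0, "compromised": None})
                f["failures"] = max(f["failures"], len(q))
        elif event_id == "4624" and ip in findings:
            f = findings[ip]
            # Success soon after the burst suggests a guessed or reused password.
            if f["compromised"] is None and ts - recent[ip][-1] <= window:
                f["compromised"] = account
    return findings

if __name__ == "__main__":
    for ip, finding in detect_rdp_bruteforce(SAMPLE).items():
        print(ip, finding)
```

The single mistyped password from 198.51.100.7 stays below the threshold, while the burst from 203.0.113.50 is reported together with the account that was eventually logged into.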

Once they have logins, attackers are able to monetize the system in a variety of ways. Even if the machines don’t have any valuable data on them, hackers can harness hundreds of thousands of vulnerable systems into a “botnet” that can be used to send spam, mine cryptocurrency, or conduct distributed denial of service attacks against specific targets to take websites or services offline.

 
