According to a recent report published by BleepingComputer, security researchers were able to extract 1.3 million RDP login names and passwords from UAS, a marketplace used by criminals to buy and sell compromised RDP credentials.
The extracted data gives us a deep insight into
- How easy it has become for cybercriminals to launch attacks on unsuspecting businesses
- The prevalent use of weak login names and passwords by RDP users
- How weak passwords can fuel ransomware attacks on your business
What is RDP used for?
RDP, Microsoft's Remote Desktop Protocol, is what the Windows Remote Desktop feature runs on, and it is used extensively by business users around the world. It allows a user to control his or her office computer remotely over the network. Unfortunately, the same remote access can be abused by criminals to break into office networks as well.
Why do hackers attack RDP?
Criminals can easily break into an RDP service that has been left open to the Internet. Generally, this is done either by guessing the login credentials or by brute force: bombarding the service with thousands of username and password combinations until one works. Once they have a valid login name and password, the criminals can use the remote desktop session to infiltrate the network.
Criminals can use compromised RDP access to spy on the victim, exfiltrate data, install malware, steal financial data, mine cryptocurrency, and pivot into organizations connected to the victim's network. According to the FBI, compromised RDP plays a key role in about 70 to 80% of the cases that lead to a ransomware attack.
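The guessing described above leaves a very recognizable trail in the Windows Security log: a burst of failed logons (Event ID 4625) from one source address, often against several account names, sometimes followed by a success (Event ID 4624) from the same address. The script below is an added example for this article, not code from the original post or from the report it discusses. It assumes the events have already been exported to plain Python dicts with the field names shown; the event records themselves are constructed for the demo and use documentation IP ranges, not captured data.

```python
"""Spot RDP password guessing in Windows Security log events.

Added example for this article (not code from the original post or from
the BleepingComputer report). Windows auditing facts it relies on:
  - Event ID 4625 is a failed logon, 4624 a successful one.
  - RDP logons use LogonType 10 (RemoteInteractive). With Network Level
    Authentication enabled, failed RDP attempts are recorded as
    LogonType 3 (network) from the client's source IP instead.
The event records below are constructed for the demo, not captured data,
and the field names assume the log was already exported to plain dicts.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta

RDP_LOGON_TYPES = {3, 10}
FAILED, SUCCESS = 4625, 4624

# Constructed sample events (documentation IP ranges, not real hosts).
SAMPLE_EVENTS = [
    # 198.51.100.7: six failures in 35 seconds, then a successful logon.
    {"time": "2021-05-01T10:00:01", "id": 4625, "logon_type": 3, "user": "Administrator", "src_ip": "198.51.100.7"},
    {"time": "2021-05-01T10:00:08", "id": 4625, "logon_type": 3, "user": "admin", "src_ip": "198.51.100.7"},
    {"time": "2021-05-01T10:00:15", "id": 4625, "logon_type": 3, "user": "Administrator", "src_ip": "198.51.100.7"},
    {"time": "2021-05-01T10:00:22", "id": 4625, "logon_type": 3, "user": "test", "src_ip": "198.51.100.7"},
    {"time": "2021-05-01T10:00:29", "id": 4625, "logon_type": 3, "user": "Administrator", "src_ip": "198.51.100.7"},
    {"time": "2021-05-01T10:00:36", "id": 4625, "logon_type": 3, "user": "Administrator", "src_ip": "198.51.100.7"},
    {"time": "2021-05-01T10:01:02", "id": 4624, "logon_type": 10, "user": "Administrator", "src_ip": "198.51.100.7"},
    # 203.0.113.22: a user mistyping once, 45 minutes apart: benign.
    {"time": "2021-05-01T09:30:00", "id": 4625, "logon_type": 10, "user": "jsmith", "src_ip": "203.0.113.22"},
    {"time": "2021-05-01T10:15:00", "id": 4625, "logon_type": 10, "user": "jsmith", "src_ip": "203.0.113.22"},
    {"time": "2021-05-01T10:15:30", "id": 4624, "logon_type": 10, "user": "jsmith", "src_ip": "203.0.113.22"},
    # A local console failure (LogonType 2) is not RDP and is ignored.
    {"time": "2021-05-01T10:00:05", "id": 4625, "logon_type": 2, "user": "bob", "src_ip": "-"},
]


def _when(event):
    return datetime.fromisoformat(event["time"])


def detect_rdp_bruteforce(events, threshold=5, window=timedelta(seconds=60)):
    """Return alerts for source IPs whose failed RDP logons reach `threshold`
    within `window`, plus a second alert if such an IP then logs on successfully
    (the sign that a password was guessed and the host is compromised)."""
    alerts = []
    recent = defaultdict(deque)      # src_ip -> failure timestamps inside the window
    users_tried = defaultdict(set)   # src_ip -> account names attempted
    flagged = set()

    for ev in sorted(events, key=_when):
        if ev["logon_type"] not in RDP_LOGON_TYPES:
            continue
        ip, t = ev["src_ip"], _when(ev)
        if ev["id"] == FAILED:
            q = recent[ip]
            q.append(t)
            users_tried[ip].add(ev["user"])
            while q and t - q[0] > window:   # slide the window forward
                q.popleft()
            if len(q) >= threshold and ip not in flagged:
                flagged.add(ip)
                alerts.append({
                    "type": "bruteforce",
                    "src_ip": ip,
                    "failures": len(q),
                    "users": sorted(users_tried[ip]),
                    "first": q[0].isoformat(),
                    "last": t.isoformat(),
                })
        elif ev["id"] == SUCCESS and ip in flagged:
            alerts.append({
                "type": "success_after_failures",
                "src_ip": ip,
                "user": ev["user"],
                "time": t.isoformat(),
            })
    return alerts


if __name__ == "__main__":
    for alert in detect_rdp_bruteforce(SAMPLE_EVENTS):
        print(alert)
```

Run against the sample data this raises two alerts for 198.51.100.7 (five failures inside a minute, then a successful logon as Administrator) and nothing for the user who mistyped twice 45 minutes apart. The "users" field is worth keeping in a real deployment: many distinct account names from one address points to password spraying of the default names the article lists, while one name and many attempts points to a dictionary attack on it.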
After reading the report, it appears that infiltrating a business network has been much easier for cybercriminals than anticipated. They could simply buy working RDP credentials from the UAS marketplace at no significant cost.
How weak passwords make hacking easy
Another astonishing fact that should attract your attention is the quality of the login names and passwords actively in use by RDP users. The list includes ridiculously simple login names such as administrator, admin, guest, user and test. Similarly, the passwords in use include 123456, 123, password, admin and even 1.
Security teams around the world denounce the use of such weak credentials, because criminals can break into accounts protected by them in a matter of seconds.
To put the issue in figures: upon analyzing the data, 300,000 RDP accounts were found to have Administrator as the login name; 71,000 used 123456 as their RDP password; 25,000 used 1 as their password; and 15,000 were still using the default password set by the MailEnable setup program.
When reading this data, one should not forget that these are the login names and passwords of active RDP servers, whose IP addresses, location, ISP, operating system, and server details are still on sale on the dark web.
Unfortunately, this is not the only report on poor credential hygiene. A Varonis survey found that 59% of financial institutions had over 500 passwords that had never been changed. A 2021 analysis of 2.2 billion passwords by CyberNews revealed some disturbing facts as well.
- The most common passwords include 123456, 123456789, qwerty, password and 12345. According to NordPass, criminals take less than a second to crack such passwords.
- Nearly 14 million had either Eva or Alex as a password
- Of the 2.2 billion passwords, most had 8 or fewer characters
How to protect your business from RDP attacks?
Thus, in our opinion, strong password policies and good password habits play a crucial role in protecting your business from these attacks. As stated above, most ransomware gangs get into their victims by compromising an RDP server; nearly 70-80% of such attacks use RDP as the foothold.
In fact, the leaked database lists many RDP servers that belong to organizations that have been hit by ransomware in the past.
Under such a dire threat, it is crucial that access to RDP is guarded by strong, unique passwords. In addition, no RDP port (TCP 3389 by default) should be left open to the Internet. Placing your Remote Desktop behind a VPN or a Remote Desktop Gateway is crucial as well, and an account lockout threshold blunts the guessing attacks described above.
What is RDPwned?
Concerning the 1.3 million RDP login details that the security researchers obtained: the database is now searchable through RDPwned. The website allows businesses and their system administrators to check whether the database lists their RDP servers. You can visit the website and place a request with the site administrators, who will vet your identity and, once it is verified, share the details with you.
Altogether, the news report sheds much-needed light on how industrialized cybercrime has become, and especially on why it has become so easy for criminals to victimize unsuspecting organizations. The report also highlights how widespread our poor password practices are.
Good password practices
One proven remedy for such habits is a strong password policy. It should prohibit reuse of passwords, set minimum standards for password length and content, and warn employees against sharing passwords.
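The weak credentials quoted earlier (administrator/123456, 1, the MailEnable default) and the policy points in this section are both easy to turn into an automated check that an administrator can run over an account list or wire into a password-change hook. The script below is an added example for this article, not code from the original post or from any of the organisations it mentions. The blocklist is constructed from the passwords the article quotes; MIN_LENGTH, the PBKDF2 parameters and the sample accounts are this example's own choices, not anything the article specifies.

```python
"""Password policy checks for Windows / RDP accounts.

Added example for this article (not code from the original post). It turns
the article's policy points into a function: minimum length, no common or
default passwords, no password that contains the account name, no reuse of
a previous password. The blocklist is constructed from the passwords the
article quotes; MIN_LENGTH and the PBKDF2 parameters are this example's
own choices. A real deployment would check against a full breached-password
list instead of this short set.
"""
import hashlib
import os

MIN_LENGTH = 14           # assumption: well above the 8-or-fewer characters seen in the leaks
PBKDF2_ROUNDS = 200_000   # assumption: slow hash so stored history is not trivially reversible

# Constructed from the weak credentials quoted in the article (lower case).
COMMON_PASSWORDS = {
    "123456", "123456789", "12345", "123", "1", "qwerty", "password",
    "admin", "administrator", "guest", "user", "test", "eva", "alex",
}


def hash_password(password, salt=None):
    """Salted PBKDF2-HMAC-SHA256 digest, used to keep password history."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ROUNDS)
    return salt, digest


def is_reused(password, history):
    """history: iterable of (salt, digest) pairs produced by hash_password()."""
    return any(hash_password(password, salt)[1] == digest for salt, digest in history)


def check_password(username, password, history=()):
    """Return the list of policy violations; an empty list means acceptable."""
    problems = []
    lowered = password.lower()
    # Strip a trailing run of digits/punctuation so "Password1!" still matches "password".
    stem = lowered.rstrip("0123456789!@#$")
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if lowered in COMMON_PASSWORDS or stem in COMMON_PASSWORDS:
        problems.append("on the common/default password list")
    if password.isdigit():
        problems.append("digits only")
    if username and username.lower() in lowered:
        problems.append("contains the account name")
    if is_reused(password, history):
        problems.append("reuses a previous password")
    return problems


def audit(accounts):
    """accounts: list of (username, password). Return {username: problems} for failing accounts only."""
    failures = {}
    for username, password in accounts:
        problems = check_password(username, password)
        if problems:
            failures[username] = problems
    return failures


if __name__ == "__main__":
    # Constructed sample accounts modelled on the credentials the article lists.
    sample = [
        ("Administrator", "123456"),
        ("admin", "admin"),
        ("Administrator", "Password1!"),
        ("jsmith", "correct-horse-battery-staple"),
    ]
    for user, problems in audit(sample).items():
        print(f"{user}: {', '.join(problems)}")
```

The reuse check stores only salted, slow hashes of former passwords, so the history itself is not a second leak waiting to happen; a Windows domain enforces the same idea through its password history setting, and this script is a way to audit exported account lists against the same rules before the attackers do.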
You also need to put in place strong technical controls to ensure that connections to your servers are well protected. Along with this, you need to hold regular security awareness training. New employees should receive such training within 30 days of joining, and existing employees should be required to retake it regularly.
When we design our training programs, we ensure that trainees take a separate module on good password practices. This is because people have a habit of reusing passwords, and creating strong passwords that are also memorable is a difficult art.
As is evident from the data shared above, people tend to use words that attackers can guess easily. Thus, you have to train employees in the art of creating passwords. Along with this, if an employee is in the habit of writing down passwords, they need to know the pros and cons of doing so, and you need to teach them how to disguise any password they do write down.
Altogether, passwords are extremely important assets. You cannot neglect their value in protecting your organization from cyberattacks. A strong password culture can make it really difficult for criminals to attack your business. So, do not take password security lightly.
In a threat environment in which criminals can rent ransomware programs and buy access to your network for as little as $3, you need to step up your game.