Hackers have breached 7,500 organizations and are selling network access on multiple Russian hacker forums.
An investigation by CyberNews.com reveals that the compromised networks are located in the USA, Canada, and Australia and belong to organizations in the educational, entertainment and bar industries.
The access, which is provided over Remote Desktop Protocol (RDP), is being sold at auction, with the initial bid for the entire package starting at 25 BTC (roughly $330,000) and the ‘Buy now’ option at 75 BTC (about $1,000,000).
RDP has a number of security holes, including the BlueKeep vulnerability (CVE-2019-0708), that make it exceptionally easy for threat actors to exploit. The Shodan.io IoT search engine reveals that there are millions of devices worldwide with open RDP ports.
“Between the sharp rise in attacks targeting RDPs, the surprising growth of the ransomware ‘industry,’ and the overall surge of cybercrime over the past several years, organizations now have a rapidly dwindling supply of excuses for getting their networks compromised due to ancient vulnerabilities, which is the direct result of not keeping their systems up to date,” says CyberNews’ Edvardas Mikalauskas.
Organizations need to patch the vulnerability and make sure that no machine with an open RDP port is left unpatched.
You can read more on the CyberNews site.