While McAfee’s Advanced Threat Research team was looking into dark web marketplaces, it found a number of shops offering stolen access to various companies’ and groups’ systems. Disturbingly, among the findings was access to a major international airport’s systems, which could be bought for the low price of just $10. McAfee said the shop appeared to be offering access to the airport’s security systems as well as its building automation, surveillance and transit systems.
The shop was selling access to the airport’s remote desktop protocol (RDP), which gives employees remote access to certain computers on the airport’s network. “This access could allow cybercriminals to do essentially anything they want — create false alerts to the internal security team, send spam, steal data and credentials, mine for cryptocurrency or even conduct a ransomware attack on the organization,” McAfee said. The recent SamSam ransomware attacks often used RDP vulnerabilities to gain access to networks.
McAfee said that it also came across access to “multiple government systems,” some of which were linked to the US, as well as “dozens of connections linked to health care institutions.” For security reasons, McAfee didn’t name the airport or any other entities that it found access to in its search, but it notified them of the breaches. The company also warned that this is a major problem across industries and it’s one that needs to be more effectively addressed. “Governments and organizations spend billions of dollars every year to secure the computer systems we trust,” said McAfee. “But even a state-of-the-art solution cannot provide security when the backdoor is left open or carries only a simple padlock.”