Stolen Remote Logins Drop in Price on the Dark Web as Supply Grows

The simple principles of supply and demand are also valid when it comes to seedy dark web marketplaces, it seems. Security researchers discovered that the price of stolen remote desktop protocol (RDP) logins is tanking on dark web forums as supply slowly starts to outpace demand.

Hackers use stolen, cracked or otherwise compromised RDP accounts and login credentials to access company networks through RDP. However, it seems that so many RDP passwords and logins are being leaked and put up for sale on the dark web that their price is slowly dropping.

This increase makes a lot of sense. Right now there are more people working from home and accessing company servers, cloud applications and remote resources than there have ever been before. The shift in work practices brought about by Covid-19 has given bad actors plenty of opportunities to phish and steal a lot of remote login credentials.

Researchers cross-referenced over a dozen different dark web forums and marketplaces. Their findings showed a roughly 20% drop in price for a single set of RDP login credentials. Curiously, the report also states that some of the logins were labelled as "non-hacked", implying they have never been used in the past.

Falling RDP login prices do not only signal an oversaturated market. They also mean that the price of admission has been significantly lowered and a larger number of bad actors could buy more hacked logins. This could, of course, lead to a greater number of misguided and clumsy, low-profile attacks but is generally bad news.

A Lot of Poor Security Practices Persist

The reason a lot of those logins are so easy to crack is that bad practices such as using "administrator" or "user" as the username still persist. Once the logins have been compromised, threat actors could use them for a number of purposes, from quietly infiltrating a network and stealing data over time, to preparing the network for a large-scale ransomware attack.

No network is completely secure, but better password security can make a network harder to breach.

Default credentials for any device or account are somehow still a thing in 2020 and should be avoided at all costs. Instructing employees how to create strong, sufficiently long and complex passwords or simply generating one for them is another way to decrease the odds of password brute-force attacks.

Finally, adding some sort of multi-factor authentication is probably the best line of defense against the potential theft of login credentials.
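As an added example (not part of the original article), the following sketch shows one way a defender could spot brute-force attempts against the default usernames mentioned above. It runs over constructed records shaped like Windows failed-logon events (Event ID 4625); the sample data, the threshold and the time window are assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: timestamp,EventID,LogonType,TargetUserName,IpAddress
SAMPLE = """\
2020-10-01T09:00:01,4625,10,administrator,203.0.113.7
2020-10-01T09:00:04,4625,10,Administrator,203.0.113.7
2020-10-01T09:00:09,4625,10,user,203.0.113.7
2020-10-01T09:00:15,4625,3,administrator,203.0.113.7
2020-10-01T09:00:21,4625,10,USER,203.0.113.7
2020-10-01T09:05:00,4625,10,jsmith,198.51.100.20
2020-10-01T09:06:10,4624,10,jsmith,198.51.100.20
2020-10-01T08:00:00,4625,10,administrator,203.0.113.99
2020-10-01T10:00:00,4625,10,administrator,203.0.113.99
2020-10-01T12:00:00,4625,10,administrator,203.0.113.99
2020-10-01T14:00:00,4625,10,administrator,203.0.113.99
2020-10-01T16:00:00,4625,10,administrator,203.0.113.99
"""

DEFAULT_NAMES = {"administrator", "user"}  # the usernames the article names
RDP_LOGON_TYPES = {10, 3}  # 10 = RemoteInteractive; 3 = Network (RDP with NLA)

def parse_events(text):
    """Turn the CSV-style sample into (time, event_id, logon_type, user, ip) tuples."""
    rows = []
    for line in text.strip().splitlines():
        ts, eid, ltype, user, ip = line.split(",")
        rows.append((datetime.fromisoformat(ts), int(eid), int(ltype), user, ip))
    return rows

def flag_sources(events, threshold=5, window=timedelta(minutes=10)):
    """Return {ip: peak count} of failed (4625) default-name logons inside `window`."""
    by_ip = defaultdict(list)
    for ts, eid, ltype, user, ip in events:
        if eid == 4625 and ltype in RDP_LOGON_TYPES and user.lower() in DEFAULT_NAMES:
            by_ip[ip].append(ts)
    flagged = {}
    for ip, times in by_ip.items():
        times.sort()
        start = best = 0
        for end, t in enumerate(times):
            while t - times[start] > window:  # slide the window forward
                start += 1
            best = max(best, end - start + 1)
        if best >= threshold:
            flagged[ip] = best
    return flagged

if __name__ == "__main__":
    print(flag_sources(parse_events(SAMPLE)))
```

Only the source that fails five times in quick succession is flagged; the address with the same number of failures spread across the day stays under the threshold, so the window should be tuned to the slow guessing rates seen in your own logs.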

October 1, 2020
