Recently, security researchers uncovered a global cybercriminal operation. Thousands of computers were compromised by the operation, which attempted to gain access into point-of-sale (POS) system through the use of brute-force techniques for guessing remote administration credentials.
The computers utilized in the attack were part of a botnet, which has been nicknamed BrutPOS. Believed to be active since at least February, the botnet works by scanning specific IP address ranges for systems accepting Remote Desktop Protocol connections.
When a Remote Desktop Protocol (RDP) service is identified by one of the computers, common user names and passwords are used by the malware in an attempt to log into that connection. In the event that the credentials are successful, the information is then transferred to command-and-control servers. At that point, attackers make a determination regarding whether the system is a POS terminal. If it is a point-of-sale terminal, a malware program is installed in in order to extract payment card details.
While it certainly seems as though RDP connection attacks are on the rise, they are not actually new. In fact, they have been going on for years. Originally developed by Microsoft, RDP is a type of proprietary protocol that allows users to benefit from a graphical interface to connect with other computers through a network connection. RDP was first designed to allow remote access on a LAN. Consequently, security issues can occur when support teams use RDP on the Internet for establishing connections with systems off the network. This is because such connections can often result in compromised security, including allowing default ports to be opened.
The real problem is that such ports can be extremely vulnerable and far too easy for hackers to identify. Login credentials are often frequently susceptible to such Brutforce POS attacks because such credentials are often shared. To make matters even worse, hackers can often gain access to an organization’s internal network when compromised workstations are connected to the internal network. Hacking RDP connections can prove to be quite profitable for hackers because they can gain control of your organization’s servers and then sell the relevant credentials for targeted systems as lucrative commodities in the cyber criminal underground. While RDP attacks may not be new, they do certainly appear to be on the rise.
In a litany of recent credit card breaches at businesses ranging from discount stores to restaurants, this most recent attack serves as yet one more example of how RDP connections can be targeted and even successfully compromised by hackers. This is precisely why we recommend the use of RHUB remote support servers for RDP as it allows IT administrators to continue using RDP in a safe and secure manner without any vulnerability to such malicious attacks.
If you are not yet a customer of RHUB, become one today and learn how you can protect your systems from attacks by hackers. Call us at 1-866-758-0984 or email us at email@example.com for more information.