Hackers can buy access to a major airport’s security systems for just $10
The research team found the option to buy the remote desktop access on a Russian site.
HONEY POT: Airports are a popular target for hackers
Hackers can buy their way into the security and building automation system of a major international airport for just $10, researchers have discovered.
McAfee’s Advanced Threat Research team came across the deal whilst trawling dark web marketplaces. Though the antivirus software firm did not identify the airport in question, the discovery prompts questions about the ease with which would-be hackers can gain access to airport IT systems.
The underground online shops sold remote desktop protocol (RDP) access to hacked machines. RDP was developed by Microsoft and gives administrators a way into their own or a client’s computer from a separate location, but it also serves as a port through which hackers can do the same.
According to McAfee, by accessing a system via RDP, attackers can obtain almost all data stored on a system.
In its investigation the team came across access to a Windows Server 2008 R2 Standard computer on April 16 in a Russian RDP shop. After tracking the IP address, it found the machine belonged to a major American international airport.
McAfee’s blog post following the discovery continued: “There are three user accounts available on this system, one of which is the administrator account.
“The names of the other accounts seemed unimportant at first but after performing several open-source searches we found that the accounts were associated with two companies specialising in airport security; one in security and building automation, the other in camera surveillance and video analytics.
“We did not explore the full level of access of these accounts, but a compromise could offer a great foothold and lateral movement through the network using tools such as Mimikatz.”
The team concluded the domain was most likely associated with the airport’s mass transit system. “It is troublesome that a system with such a significant public impact might be openly accessible from the Internet,” the blog writer, John Fokker, continued.
“Now we know that attackers, like the SamSam group, can indeed use an RDP shop to gain access to a potential high-value ransomware victim. We found that access to a system associated with a major international airport can be bought for only $10—with no zero-day exploit, elaborate phishing campaign, or watering hole attack.”