Airport Security Systems Breaching – the Writing is on the Wall

Cybersecurity giant McAfee investigated underground, nefarious hacker marketplaces on the Dark Web. The company found that access to an airport security system can cost as little as $10.

The threat research team discovered that the access rights were sold via a Russian Remote Desktop Protocol (RDP) shop. RDP is a proprietary Microsoft protocol that allows an administrator to remotely access a PC.

These RDP “shops” are exploding on the Dark Web via Ultimate Anonymity Service (UAS), a Russian business, McAfee added.

Criminals, like the notorious SamSam group that crippled city systems in Atlanta, favor RDP because they don’t need to engage in phishing campaigns or worry about anti-malware defenses, according to foxnews.com.

Windows 2008 and 2012 Server were the most common systems for sale at RDP shops, with over 17,000 available, McAfee said.

A closer look by the researchers revealed that some of the system’s accounts were connected to a major international airport. “After performing several open-source searches we found that [some of] the accounts were associated with two companies specializing in airport security; one in security and building automation, the other in camera surveillance and video analytics,” the report said.

The writing is on the wall, McAfee explained. Notorious attackers, like the SamSam group that wreaked havoc in Atlanta, could use an RDP shop to gain access to one of these systems. The attackers don’t have to conduct elaborate malware campaigns to get inside an airport security system.