Hackers have broken into 7,500 organizations and put "network access" to them up for sale on many Russian hacking forums.
Remote Desktop Protocol (RDP) access is being sold by auction on hacking forums, with the initial bid for the entire package starting at 25 BTC (approximately $330,000) and the "Buy now" option priced at 75 BTC (approximately $1,000,000).
The access package would be a great purchase for a young and aspiring ransomware gang, as an attack on 7,500 organizations would help the group become famous in a short time.
RDP has a number of security holes, including the BlueKeep vulnerability (CVE-2019-0708), which make it extremely easy for attackers to exploit. The IoT search engine Shodan.io reveals that there are millions of devices worldwide with open RDP ports.
As the Shodan results show, millions of devices are still exposed to the public internet. This does not mean that all of these machines are necessarily vulnerable to cyber attacks: some may be false positives, while others may be patched or otherwise protected from common vulnerabilities related to RDP.
However, given how actively this attack vector is being exploited by cybercriminals in general and ransomware gangs in particular, one can safely assume that a not insignificant percentage of the exposed devices is vulnerable.
"Between the sharp rise in RDP attacks, the astonishing growth of the ransomware industry and the overall growth of crimes in recent years, organizations now have no excuse to endanger their networks due to ancient vulnerabilities, which are the direct result of non-compliance. information of their systems," says Edvardas Mikalauskas of CyberNews.
Organizations need to patch the vulnerability and make sure they do not leave machines with open RDP ports exposed where the vulnerability has not been fixed.