Botnet Targets RDP to Compromise POS Systems


Earlier this week, security researchers uncovered a global cybercriminal operation that has compromised thousands of computers, which are actively trying to break into point-of-sale (POS) systems using brute-force techniques to guess remote administration credentials.

According to InfoWorld,

“The computers are part of a botnet, dubbed BrutPOS by researchers from security firm FireEye, that has been active since at least February. The botnet scans attacker-specified IP address ranges for systems that accept Remote Desktop Protocol (port 3389) connections.”


When one of the compromised computers finds an RDP service, the malware tries common user names and passwords to log in to it. If a set of credentials succeeds, it is reported back to a command-and-control server, where the attackers determine whether the system is a POS terminal and, if so, install malware to extract payment card details.
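The pattern described above leaves a clear trace on the target: a burst of failed RDP logons from one source cycling through common account names. As an added illustration that is not part of the original post and not code from Bomgar or FireEye, the Python below flags that pattern in Windows Security log data (Event ID 4625 is a failed logon; logon type 10 is RemoteInteractive, i.e. RDP); the log records and thresholds are constructed samples.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample records shaped like Windows Security Event ID 4625
# (failed logon) entries. Logon type 10 = RemoteInteractive, i.e. an RDP session.
SAMPLE_EVENTS = [
    # one source cycling through common account names: the brute-force pattern
    {"time": "2014-07-09T02:00:01", "event_id": 4625, "logon_type": 10, "user": "Administrator", "src_ip": "203.0.113.7"},
    {"time": "2014-07-09T02:00:04", "event_id": 4625, "logon_type": 10, "user": "admin", "src_ip": "203.0.113.7"},
    {"time": "2014-07-09T02:00:09", "event_id": 4625, "logon_type": 10, "user": "pos", "src_ip": "203.0.113.7"},
    {"time": "2014-07-09T02:00:15", "event_id": 4625, "logon_type": 10, "user": "user", "src_ip": "203.0.113.7"},
    {"time": "2014-07-09T02:00:22", "event_id": 4625, "logon_type": 10, "user": "Guest", "src_ip": "203.0.113.7"},
    {"time": "2014-07-09T02:00:30", "event_id": 4625, "logon_type": 10, "user": "administrator", "src_ip": "203.0.113.7"},
    # a network (type 3) failure from the same source is not an RDP attempt
    {"time": "2014-07-09T02:00:31", "event_id": 4625, "logon_type": 3, "user": "admin", "src_ip": "203.0.113.7"},
    # a staff member mistyping their own password twice, then succeeding: benign
    {"time": "2014-07-09T08:15:00", "event_id": 4625, "logon_type": 10, "user": "jsmith", "src_ip": "192.0.2.10"},
    {"time": "2014-07-09T08:15:20", "event_id": 4625, "logon_type": 10, "user": "jsmith", "src_ip": "192.0.2.10"},
    {"time": "2014-07-09T08:15:40", "event_id": 4624, "logon_type": 10, "user": "jsmith", "src_ip": "192.0.2.10"},
]


def parse_time(stamp):
    return datetime.strptime(stamp, "%Y-%m-%dT%H:%M:%S")


def find_rdp_bruteforce(events, window=timedelta(minutes=5), min_failures=5, min_users=3):
    """Return {src_ip: (failures, sorted user names)} for every source whose
    densest `window` of failed RDP logons reaches min_failures attempts spread
    over at least min_users distinct account names (the guessing signature)."""
    by_src = defaultdict(list)
    for e in events:
        if e["event_id"] == 4625 and e["logon_type"] == 10:
            by_src[e["src_ip"]].append((parse_time(e["time"]), e["user"].lower()))
    hits = {}
    for src, attempts in by_src.items():
        attempts.sort()
        best, start = (0, set()), 0
        for end in range(len(attempts)):
            # slide the window start forward until the span fits inside `window`
            while attempts[end][0] - attempts[start][0] > window:
                start += 1
            span = attempts[start:end + 1]
            if len(span) > best[0]:
                best = (len(span), {u for _, u in span})
        if best[0] >= min_failures and len(best[1]) >= min_users:
            hits[src] = (best[0], sorted(best[1]))
    return hits


if __name__ == "__main__":
    for src, (count, users) in find_rdp_bruteforce(SAMPLE_EVENTS).items():
        print(f"{src}: {count} failed RDP logons across {users}")
```

The distinct-user-name threshold is what separates credential guessing from a legitimate user fumbling one password; tune the window and counts to the logon volume of the host.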

This is yet another example of how RDP connections are being targeted and successfully compromised by attackers to reach all types of systems. That’s why, earlier this year, Bomgar introduced our integration for RDP, which lets IT administrators keep using RDP in a safe and auditable way that isn’t vulnerable to these types of attacks.

My colleague Bryan Hood blogged last week about how to safeguard your RDP connections against brute-force attacks. You can also learn here about how to use Bomgar in conjunction with RDP.

If you’re already a Bomgar customer, but still using RDP for some standalone connections, there is no additional cost to start routing those through Bomgar. You have nothing to lose…except the fear of a data breach.