
HKCERT Calls for Tighter Security for Remote Access Servers

Release Date: 21 / 06 / 2016
Last Update: 21 / 06 / 2016

The Hong Kong Computer Emergency Response Team Coordination Centre (HKCERT) of the Hong Kong Productivity Council today (21 June 2016) urged local IT system administrators to strengthen their security after access to hundreds of hacked remote access servers in Hong Kong was found to be traded on an underground market.

 
The warning came as HKCERT received the IP addresses of 160 hacked servers in Hong Kong from its cyber security partner, Kaspersky Lab. Earlier, Russia-based Kaspersky Lab announced that it had taken down the “xDedic” marketplace, in which cybercriminals had been trading access to 70,000 hacked servers using the Remote Desktop Protocol (RDP) from 173 countries and regions.
 
Once they have acquired access, cybercriminals can control the servers to send spam, host phishing sites, mine Bitcoins and launch DDoS attacks. If accounting software or point-of-sale systems are found on the servers, cybercriminals can even plant malware on them to steal personal data and credit card numbers.
 
An HKCERT spokesperson said they have notified the affected local server owners, with security advice, through their Internet service providers. Apart from the illegal trading of access to remote access servers, HKCERT has also regularly received reports of server hacking, mostly due to insecure configuration.
 
To guard against the hacking of remote access servers, HKCERT urges IT system administrators to take measures to strengthen the protection of their servers, including deploying a firewall, applying minimum access permissions to servers, changing default settings, setting strong passwords and patching the systems regularly.