{"id":13026,"date":"2018-09-17T20:57:00","date_gmt":"2018-09-17T20:57:00","guid":{"rendered":"https:\/\/www.darkreading.com\/endpoint\/rdp-ports-prove-hot-commodities-on-the-dark-web\/d\/d-id\/1332830"},"modified":"2018-09-17T20:57:00","modified_gmt":"2018-09-17T20:57:00","slug":"rdp-ports-prove-hot-commodities-on-the-dark-web","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/rdp-ports-prove-hot-commodities-on-the-dark-web\/","title":{"rendered":"RDP Ports Prove Hot Commodities on the Dark Web"},"content":{"rendered":"<header>\n<\/header>\n<p><span class=\"strong black\">Remote desktop protocol access continues to thrive in underground markets, primarily to hackers who lack expertise to find exposed ports themselves.<\/span> <\/p>\n<p class=\"\">Security trends come and go, but the sale of Remote Desktop Protocol (RDP) ports continues to thrive on the Dark Web as malicious hackers seek easier means of gaining access to corporate networks.<\/p>\n<p>RDP is a Microsoft protocol and client interface used on several platforms including Windows, where it has been a native OS feature since Windows XP. Most of the time, RDP is used for legitimate remote administration: when companies outsource IT, or remote admins have to access a colleague&#8217;s machine, they most commonly use RDP to connect to it.<\/p>\n<p>But the same technologies that enable administrators to access remote machines can give hackers the keys they need to break into, move around, and steal data from enterprise targets.<\/p>\n<p>&#8220;It really goes with the entire story of this growing crime-as-a-service market,&#8221; says Ed Cabrera, chief cybersecurity officer at Trend Micro. The buying and selling of RDP credentials &#8211; like any other credentials bought and sold on the criminal underground &#8211; has evolved from one-stop shop transactional forums to a decentralized, specialized marketplace, he says. Attackers can buy RDP credentials in bulk or they can seek out data they need to target specific industries.<\/p>\n<p>There are many actions a threat actor can take with RDP access (credential harvesting, account takeover, cryptocurrency mining among them) and it&#8217;s easier for them to launch these threats if they have access to an RDP port. Skilled attackers often find the ports themselves by scanning infrastructure exposed to the Internet and using brute force to access open ports. Automated tools and the Shodan search engine help them find systems configured for RDP access online.<\/p>\n<p>Still, many threat actors of all skill levels buy RDP access on the Dark Web, where the ports are hot commodities, as are tools to delete attackers&#8217; activity once their work is done.<\/p>\n<p>&#8220;Knockoff versions of some popular tools proliferate as well once the original developers decide to no longer support their tools,&#8221; write Flashpoint&#8217;s Luke Rodeheffer, cybercrime intelligence analyst, and Mike Mimoso, editorial director, in a <a href=\"https:\/\/www.flashpoint-intel.com\/blog\/rdp-access-to-hacked-servers-still-a-thriving-business-on-deep-dark-web\/\" target=\"_blank\">blog post<\/a> on the topic. The tools continue to generate interest on Dark Web forums, primarily Russian-speaking marketplaces, according to Flashpoint.<\/p>\n<p>How much will attackers spend on these credentials? It depends what they&#8217;re looking for. Earlier this year, researchers on the McAfee Advanced Research Team <a href=\"https:\/\/www.darkreading.com\/threat-intelligence\/major-international-airport-system-access-sold-for-$10-on-dark-web\/d\/d-id\/1332270\" target=\"_blank\">found<\/a> RDP access for a major international airport was being sold via Russian RDP shop UAS for the low price of $10. However, actors may pay more for access to specific sectors and\/or high-value targets.<\/p>\n<p>Chet Wisniewski, principal research scientist in Sophos&#8217; Office of the CTO, says the quantities of RDP ports available on the Dark Web have kept prices low, &#8220;almost identical to what we see with stolen credit cards,&#8221; he says. &#8220;Same with RDP, there are tens of thousands of open RDP systems across the Internet.&#8221;<\/p>\n<p><strong>So You Have RDP Credentials. Now What?<\/strong><\/p>\n<p>Once they have RDP credentials, an attacker can use their access to launch several attacks. Stolen usernames and passwords mark the initial attack vector in just about every cyberattack, Cabrera says, noting they help start phishing campaigns, ransomware, and data breaches. RDP access helps attackers target server infrastructure directly.<\/p>\n<p>&#8220;If I get access to a server, to RDP, I can just launch the Web browser that&#8217;s built in and download anything and everything I want to build on that system,&#8221; says Wisniewski. It doesn&#8217;t take an advanced attacker to abuse RDP; as he puts it, &#8220;even the dumbest criminal&#8221; can do a reasonable amount of damage.<\/p>\n<p>Once they&#8217;re inside, attackers typically target the passwords of admin accounts to maximize their system access. They might download and install low-level system tweaking software and use it to disable or reconfigure anti-malware software on the machine, Sophos researchers explained in a post on RDP and <a href=\"https:\/\/nakedsecurity.sophos.com\/2017\/11\/15\/ransomware-spreading-hackers-sneak-in-through-rdp\/\" target=\"_blank\">ransomware<\/a> distribution. They may also turn off database services to leave files vulnerable, or upload and run their choice of ransomware.<\/p>\n<p>&#8220;If it&#8217;s handy for a system administrator, it&#8217;s handy for a hacker,&#8221; Wisniewski adds. If you have remote control software facing the Internet, any attacker can find and abuse it.<\/p>\n<p>However, advanced attackers can do more damage with the same level of access.<\/p>\n<p><strong>Hotter Targets, Higher Prices<\/strong><\/p>\n<p>Less skilled attackers are more likely to purchase bulk RDP access on the Dark Web, Wisniewski adds, because they lack expertise to find open ports. Skilled hackers are more likely to seek out and purchase credentials to high-value targets; for example, defense contractors.<\/p>\n<p>&#8220;It&#8217;s not only identifying and selling in bulk,&#8221; says Cabrera. &#8220;I think what&#8217;s happening with RDP credentials, like other services and commodities, is that the criminals today are becoming a little more sophisticated in what they&#8217;re looking for.&#8221; Instead of selling credentials in bulk, they can categorize them and provide guaranteed persistence or system access.<\/p>\n<p>Someone who finds 100 exposed RDP servers can instead of selling access on a forum for $10 each, figure out who they belong to, says Wisniewski. Low-value credentials sell in bulk for cheap, but high-value targets can go for markedly higher prices \u2013 up to tens of thousands of dollars. The high dollar value is limited to adversaries who want that specific access.<\/p>\n<p>Oftentimes high-value targets are sold by attackers who harvested many RDP ports, conducted reconnaissance, and recognized they had something valuable but didn&#8217;t want to risk exploiting it and facing criminal penalties. Rather than risk jail time, they take their findings to the Dark Web in hopes a more skilled attacker will want to buy it, he continues.<\/p>\n<p>Cybercriminals are serving other criminals and becoming more sophisticated in the offerings they&#8217;re able to provide, Cabrera explains. Not every criminal enterprise is the same, and those that provide the best services and commodities will continue to grow. &#8220;It is incredibly valuable for [RDP] to be sold in the criminal underground,&#8221; he says.<\/p>\n<p><strong>How to Stay Safe: Get Offline<\/strong><\/p>\n<p>&#8220;The way you know it&#8217;s been compromised is it&#8217;s on the Internet at all,&#8221; says Wisniewski. Under no circumstances should RDP ports be exposed online, and they should always go through a VPN and be protected with <a href=\"https:\/\/www.darkreading.com\/endpoint\/cracking-2fa-how-its-done-and-how-to-stay-safe\/d\/d-id\/1331835\" target=\"_blank\">multi-factor authentication<\/a>.<\/p>\n<p>&#8220;That&#8217;s table stakes for 2018,&#8221; he continues. &#8220;If it&#8217;s on the Internet, someone&#8217;s going to make money with it.<\/p>\n<p>He advises companies to lock down their servers so they have fewer capabilities if and when they are compromised. Make sure any system that is exposed, or available via VPN, is locked down so it can&#8217;t access critical systems. Most organizations are smart enough to be scanning their own network interfaces to ensure they&#8217;re offline, he says.<\/p>\n<p>Breaching networks and servers via RDP ports remains of great interest to cybercriminals, according to Flashpoint, and there is a clear trend toward automating the process of detecting exposed RDP targets and brute-forcing access. The company recommends using complex passwords for RDP instances and avoiding relying on default or weak credentials.<\/p>\n<p>&#8220;Flashpoint assesses with high confidence that cybercriminals will likely continue to use such automated technology to obtain illicit RDP access, breach servers, and remove traces of their activity,&#8221; Flashpoint&#8217;s blog says. Flashpoint predicts &#8220;with moderate confidence&#8221; that the potential for RDP access tools in cryptomining will drive their popularity among criminals.<\/p>\n<p><strong>Related Content:<\/strong><\/p>\n<p><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/img.deusm.com\/darkreading\/MarilynCohodas\/BHEURUOPE2018-vplug_Web_Banners_468x60_Sponsor.png\" alt=\"\" width=\"468\" height=\"60\"\/><\/p>\n<p><em><strong>B<\/strong><\/em><em><strong>lack Hat Europe returns to London Dec 3-6 2018\u00a0 with hands-on technical Trainings, cutting-edge Briefings, Arsenal open-source tool demonstrations, top-tier security solutions and service providers in the Business Hall.\u00a0<\/strong><\/em><em><strong>Click for information on the <a href=\"https:\/\/www.blackhat.com\/eu-18\/\" target=\"_blank\">conference<\/a>\u00a0and <a href=\"https:\/\/blackhat.tech.ubm.com\/europe\/2018\/?_mc=nlad_x_insecr_le_tsnr_insec_x_x-bht&amp;\" target=\"_blank\">to register.<\/a><\/strong><\/em><\/p>\n<p><span class=\"italic\">Kelly Sheridan is the Staff Editor at Dark Reading, where she focuses on cybersecurity news and analysis. She is a business technology journalist who previously reported for InformationWeek, where she covered Microsoft, and Insurance &amp; Technology, where she covered financial &#8230; <a href=\"https:\/\/www.darkreading.com\/author-bio.asp?author_id=837\">View Full Bio<\/a><\/span> <\/p>\n<p><span class=\"smaller strong red allcaps\">More Insights<\/span><\/p>\n<p> Read More <a href=\"https:\/\/www.darkreading.com\/endpoint\/rdp-ports-prove-hot-commodities-on-the-dark-web\/d\/d-id\/1332830?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Remote desktop protocol access continues to thrive in underground markets, primarily to hackers who lack expertise to find exposed ports themselves. Read More <a href=\"https:\/\/www.darkreading.com\/endpoint\/rdp-ports-prove-hot-commodities-on-the-dark-web\/d\/d-id\/1332830?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple\">HERE<\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[151],"tags":[],"class_list":["post-13026","post","type-post","status-publish","format-standard","hentry","category-darkreading-ti"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.6 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>RDP Ports Prove Hot Commodities on the Dark Web 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/rdp-ports-prove-hot-commodities-on-the-dark-web\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"RDP Ports Prove Hot Commodities on the Dark Web 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/rdp-ports-prove-hot-commodities-on-the-dark-web\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2018-09-17T20:57:00+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/img.deusm.com\/darkreading\/MarilynCohodas\/BHEURUOPE2018-vplug_Web_Banners_468x60_Sponsor.png\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"6 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/rdp-ports-prove-hot-commodities-on-the-dark-web\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/rdp-ports-prove-hot-commodities-on-the-dark-web\\\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"RDP Ports Prove Hot Commodities on the Dark Web\",\"datePublished\":\"2018-09-17T20:57:00+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/rdp-ports-prove-hot-commodities-on-the-dark-web\\\/\"},\"wordCount\":1326,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/rdp-ports-prove-hot-commodities-on-the-dark-web\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/img.deusm.com\\\/darkreading\\\/MarilynCohodas\\\/BHEURUOPE2018-vplug_Web_Banners_468x60_Sponsor.png\",\"articleSection\":[\"DarkReading |TI\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/rdp-ports-prove-hot-commodities-on-the-dark-web\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/rdp-ports-prove-hot-commodities-on-the-dark-web\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/rdp-ports-prove-hot-commodities-on-the-dark-web\\\/\",\"name\":\"RDP Ports Prove Hot Commodities on the Dark Web 2026 | ThreatsHub Cybersecurity News\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/rdp-ports-prove-hot-commodities-on-the-dark-web\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/rdp-ports-prove-hot-commodities-on-the-dark-web\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/img.deusm.com\\\/darkreading\\\/MarilynCohodas\\\/BHEURUOPE2018-vplug_Web_Banners_468x60_Sponsor.png\",\"datePublished\":\"2018-09-17T20:57:00+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/rdp-ports-prove-hot-commodities-on-the-dark-web\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/rdp-ports-prove-hot-commodities-on-the-dark-web\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/rdp-ports-prove-hot-commodities-on-the-dark-web\\\/#primaryimage\",\"url\":\"https:\\\/\\\/img.deusm.com\\\/darkreading\\\/MarilynCohodas\\\/BHEURUOPE2018-vplug_Web_Banners_468x60_Sponsor.png\",\"contentUrl\":\"https:\\\/\\\/img.deusm.com\\\/darkreading\\\/MarilynCohodas\\\/BHEURUOPE2018-vplug_Web_Banners_468x60_Sponsor.png\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/rdp-ports-prove-hot-commodities-on-the-dark-web\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"RDP Ports Prove Hot Commodities on the Dark Web\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"RDP Ports Prove Hot Commodities on the Dark Web 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/rdp-ports-prove-hot-commodities-on-the-dark-web\/","og_locale":"en_US","og_type":"article","og_title":"RDP Ports Prove Hot Commodities on the Dark Web 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/rdp-ports-prove-hot-commodities-on-the-dark-web\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2018-09-17T20:57:00+00:00","og_image":[{"url":"https:\/\/img.deusm.com\/darkreading\/MarilynCohodas\/BHEURUOPE2018-vplug_Web_Banners_468x60_Sponsor.png","type":"","width":"","height":""}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. reading time":"6 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/rdp-ports-prove-hot-commodities-on-the-dark-web\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/rdp-ports-prove-hot-commodities-on-the-dark-web\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"RDP Ports Prove Hot Commodities on the Dark Web","datePublished":"2018-09-17T20:57:00+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/rdp-ports-prove-hot-commodities-on-the-dark-web\/"},"wordCount":1326,"commentCount":0,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/rdp-ports-prove-hot-commodities-on-the-dark-web\/#primaryimage"},"thumbnailUrl":"https:\/\/img.deusm.com\/darkreading\/MarilynCohodas\/BHEURUOPE2018-vplug_Web_Banners_468x60_Sponsor.png","articleSection":["DarkReading |TI"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.threatshub.org\/blog\/rdp-ports-prove-hot-commodities-on-the-dark-web\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/rdp-ports-prove-hot-commodities-on-the-dark-web\/","url":"https:\/\/www.threatshub.org\/blog\/rdp-ports-prove-hot-commodities-on-the-dark-web\/","name":"RDP Ports Prove Hot Commodities on the Dark Web 2026 | ThreatsHub Cybersecurity News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/rdp-ports-prove-hot-commodities-on-the-dark-web\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/rdp-ports-prove-hot-commodities-on-the-dark-web\/#primaryimage"},"thumbnailUrl":"https:\/\/img.deusm.com\/darkreading\/MarilynCohodas\/BHEURUOPE2018-vplug_Web_Banners_468x60_Sponsor.png","datePublished":"2018-09-17T20:57:00+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/rdp-ports-prove-hot-commodities-on-the-dark-web\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/rdp-ports-prove-hot-commodities-on-the-dark-web\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/rdp-ports-prove-hot-commodities-on-the-dark-web\/#primaryimage","url":"https:\/\/img.deusm.com\/darkreading\/MarilynCohodas\/BHEURUOPE2018-vplug_Web_Banners_468x60_Sponsor.png","contentUrl":"https:\/\/img.deusm.com\/darkreading\/MarilynCohodas\/BHEURUOPE2018-vplug_Web_Banners_468x60_Sponsor.png"},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/rdp-ports-prove-hot-commodities-on-the-dark-web\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"RDP Ports Prove Hot Commodities on the Dark Web"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/13026","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=13026"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/13026\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=13026"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=13026"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=13026"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}