This week Brian Krebs posted an article about a service that sells access to to computers via RDP. You can search by IP range to find servers for sale and get access for as little as $5. Definitely worth a read.
This particular service specialized in systems accessible via RDP. The example given was a bad default username and password. I’d like to think that companies in the Fortune 500 wouldn’t let you get into their internal network with RDP, or even be able to pivot from a DMZ box.