Compromised servers selling for $6 in IT underground market
Criminals are selling access to more than 70,000 compromised servers owned by governments, companies and universities
Kaspersky Lab has found that an underground cybercrime market is selling more than 70,624 compromised servers from both government and private networks for as little as $6.
The one-stop-shop-style marketplace, dubbed xDedic and said to be run by a Russian-speaking group, is offering criminals access to hacked computers owned by governments, companies and universities in 173 countries, including Malaysia, Singapore and China.
A European internet service provider alerted Kaspersky Lab to the existence of xDedic and both companies worked together to investigate how the forum operates. The process is simple and thorough: hackers break into servers, often through brute-force attacks, and bring the credentials to xDedic. The hacked servers are then checked for their Remote Desktop Protocol (RDP) configuration, memory, software, browsing history and more; all features that customers can search through before buying.
According to Kaspersky Lab, each RDP server is pre-equipped with a variety of software to mount denial-of-service attacks on other networks, launch spam campaigns, illicitly manufacture bitcoin currency, and compromise online or retail payment systems.
Kaspersky Lab also found that once xDedic connects the sellers of the servers to the cybercriminals, the market owner takes a 5% upfront fee.
Costin Raiu, director of Kaspersky's research and analysis team, said: "xDedic is further confirmation that cybercrime-as-a-service is expanding through the addition of commercial ecosystems and trading platforms. Its existence makes it easier than ever for everyone, from low-skilled malicious attackers to nation-state backed APTs, to engage in potentially devastating attacks in a way that is cheap, fast and effective.
"The ultimate victims are not just the consumers or organizations targeted in an attack, but also the unsuspecting owners of the servers: they are likely to be completely unaware that their servers are being hijacked again and again for different attacks, all conducted right under their nose."
The xDedic marketplace seems to have opened for business some time in 2014, and has grown significantly in popularity since the middle of 2015. The top 10 countries affected are Brazil, China, Russia, India, Spain, Italy, France, Australia, South Africa and Malaysia.