Kaspersky Lab researchers exposed a massive global underground market selling more than 70,000 hacked servers from government entities, corporations and universities for as little as $6 each.
The cybersecurity firm said the newly discovered xDedic marketplace currently lists 70,624 hacked Remote Desktop Protocol (RDP) servers for sale. Many of the servers either host or provide access to consumer sites and services, while some have software installed for direct mail, financial accounting and POS processing, Kaspersky Lab confirmed.
Costin Raiu, director of Kaspersky Lab’s global research and analysis team, said:
“XDedic is further confirmation that Cybercrime-as-a-Service is expanding through the addition of commercial ecosystems and trading platforms. Its existence makes it easier than ever for everyone, from low-skilled malicious attackers to nation-state-backed APTs, to engage in potentially devastating attacks in a way that is cheap, fast and effective. The ultimate victims are not just the consumers or organizations targeted in an attack but also the unsuspecting owners of the servers. They are likely to be completely unaware that their servers are being hijacked again and again for different attacks, all conducted right under their nose.”
The global forum enables cybercriminals to both purchase and sell access to the compromised servers and represents what Kaspersky Lab describes as a “new kind of cybercriminal marketplace.”
The platform is well organized and gives buyers quick, cheap access to legitimate organizational infrastructure.
According to Kaspersky Lab, the xDedic marketplace may have started back in 2014 but has grown significantly since. As of May 2016, it listed 70,624 servers from 173 countries for sale, posted under the names of 416 different sellers.
Kaspersky Lab provided the following recommendations to organizations:
- Implement a multi-layered approach to IT infrastructure security that includes a robust security solution
- Use strong passwords in server authentication processes
- Establish an ongoing patch management process
- Perform regular security audits of IT infrastructures
- Invest in threat intelligence services