How servers are becoming a hotbed for cyber crime

Offering cheap access to compromised servers is one of the latest ways cyber criminals are spreading cyber crime, cyber security firm Kaspersky Lab said.

A Reuters report today said a major underground marketplace is selling access to more than 70,000 compromised servers, allowing buyers to carry out cyber attacks globally.

Cyber security firm Kaspersky Lab said the online forum — run by a Russian-speaking group — offers access to hacked computers owned by governments, companies and universities in 173 countries.

You can get access to a compromised server for as little as $6. Each server comes pre-equipped with a variety of software to mount denial-of-service attacks on other networks, launch spam campaigns, illicitly manufacture bitcoin currency or compromise online or retail payment systems.

“For $7, buyers can gain access to government servers in several countries, including interior and foreign ministries, commerce departments and several town halls,” said Costin Raiu, director of Kaspersky’s research and analysis team.

He said the market might also be used to exploit hundreds of millions of old, stolen email credentials reported in recent months to be circulating in the criminal underground.

xDedic is the name of the marketplace. Dedic is short for dedicated, a term used in Russian online forums for a computer under remote control of a hacker and available for use by other parties. An Internet service provider in Europe alerted Kaspersky to the existence of xDedic.

In May 2016, xDedic listed 70,624 hacked Remote Desktop Protocol (RDP) servers from 173 countries for sale.

The top 10 countries affected are: Brazil, China, Russia, India, Spain, Italy, France, Australia, South Africa and Malaysia.

The xDedic marketplace currently lists India in fourth position for hacked servers, with 3488 compromised servers listed on xDedic as of May 2016.

Many of the servers host or provide access to popular consumer websites and services, and some have software installed for direct mail, financial accounting and Point-of-Sale (PoS) processing. They can be used to target the owners’ infrastructures or as a launch-pad for wider attacks, while the owners, including government entities, corporations and universities, have little or no idea of what’s happening.

xDedic offers its members access to:

# Servers belonging to government networks, corporations and universities

# Servers that have access to or host certain websites and services, including gaming, betting, dating, online shopping, online banking and payment, cell phone networks, ISPs and browsers

# Servers with pre-installed software that could facilitate an attack, including direct mail, financial and PoS software

xDedic connects sellers of compromised servers with criminal buyers. The market’s owners take a 5 percent up-front fee on all money put into trading accounts, Raiu said.

Kaspersky found the machines run remote desktop software widely used by network administrators to provide technical support for Microsoft Windows users. The price of access to servers with high-capacity network connections may be up to $15.

Targets include a U.S. aerospace firm, banks in the United States, Philippines, Kazakhstan, Jordan, Ghana, Cyprus, South Korea and Saudi Arabia, chemical firms in Singapore and Thailand and oil companies in China and the United Arab Emirates, Kaspersky found.

Kaspersky has notified national computer emergency response teams in several countries.