Kaspersky
Lab researchers have investigated a global forum where cyber criminals can buy
and sell access to compromised servers for as little as $6 each.
The xDedic
marketplace, which appears to be run by a Russian-speaking group, currently
lists 70,624 hacked Remote Desktop Protocol (RDP) servers for sale and India ranks fourth in hacked servers with 3,488 compromised servers listed
on xDedi as of May 2016.
According
to the investigation, many of the servers host or provide access to popular
consumer websites and services and some have software installed for direct
mail, financial accounting and Point-of-Sale (PoS) processing.
They can
be used to target the owners' infrastructures or as a launch-pad for wider
attacks, while the owners, including government entities, corporations and
universities, have little or no idea of what's happening.
xDedic is
a powerful example of a new kind of cybercriminal marketplace: well-organized
and supported and offering everyone from entry-level cybercriminals to APT
groups fast, cheap and easy access to legitimate organizational infrastructure
that keeps their crimes below the radar for as long as possible.
"xDedic
is further confirmation that cybercrime-as-a-service is expanding through the
addition of commercial ecosystems and trading platforms. Its existence makes it
easier than ever for everyone, from low-skilled malicious attackers to
nation-state backed APTs to engage in potentially devastating attacks in a way
that is cheap, fast and effective," said Costin Raiu,
Director,
Global Research and Analysis Team, Kaspersky Lab.
He said
that not just the customers or organizations, but the servers' owners are also
targeted.
"The
ultimate victims are not just the consumers or organisations targeted in an
attack, but also the unsuspecting owners of the servers: they are likely to be
completely unaware that their servers are being hijacked again and again for
different attacks, all conducted right under their nose," he added.
A European
internet service provider (ISP) alerted Kaspersky Lab to the existence of
xDedic and the companies worked together to investigate how the forum operates.
Kaspersky Lab is a global cyber security company
founded in 1997 and has deep threat intelligence and security expertise is
constantly transforming into security solutions and services to protect
businesses, critical infrastructure, governments and consumers around the
globe.
Representative
Image
Source:
ANI
ConversionConversion EmoticonEmoticon