More than 70,000 hacked Remote Desktop Protocol (RDP) servers from 173 countries were sold at an underground market uncovered by a cybersecurity firm.
With the aid of a European Internet service provider (ISP), Kaspersky Lab was able to uncover “xDedic,” a marketplace where “cybercriminals” were able to buy and sell access to servers for $6 each.
The Philippines was among the top 50 countries with hacked servers. Among the top 10 countries were Brazil, China, Russia, India, Spain, Italy, France, Australia, South Africa and Malaysia.
Kaspersky Lab said that the operation was simple. “Cybercriminals” hacked servers and brought the credentials to xDedic, where RDP configuration, memory, software, browsing history, and other features were checked and then added to the online inventory.
Kaspersky Lab explained that “once a campaign has been completed, the attackers can put access to the server back up for sale and the whole process can begin again.”
Costin Raiu, Director of Kaspersky Lab’s Global Research and Analysis Team, said that the ultimate victims are not just consumers and organizations but also the owners of the servers, who have no idea that their servers are being hijacked.
Kaspersky revealed that the following were offered in the online inventory:
● Servers belonging to government networks, corporations and universities
● Servers tagged for having access to or hosting certain websites and services, including gaming, betting, dating, online shopping, online banking and payment, cell phone networks, ISPs and browsers
● Servers with pre-installed software that could facilitate an attack, including direct mail, financial and PoS software
● All supported by a range of hacking and system information tools.
xDedic was “well-organized and supported” and was able to keep its crimes below the radar, according to the report.
Kaspersky Lab was concerned that xDedic could be used as a platform for further malicious attacks on government entities, corporations, universities and owners of personal accounts.
xDedic had already been in business for two years, having opened in 2014, and had grown in popularity in the middle of 2015. In May 2016, it listed 70,624 servers posted in the names of 416 sellers.
“xDedic is further confirmation that cybercrime-as-a-service is expanding through the addition of commercial ecosystems and trading platforms. Its existence makes it easier than ever for everyone, from low-skilled malicious attackers to nation-state backed APTs to engage in potentially devastating attacks in a way that is cheap, fast and effective,” said Raiu.
Kaspersky Lab advised organizations to install robust security, enforce the use of strong passwords, implement a continuous process of patch management, undertake a regular security audit of the IT infrastructure, and consider investing in threat intelligence services, which will keep the organization informed of emerging threats and offer an insight into the criminal perspective to help them assess their level of risk.