Security researchers from Kaspersky Lab have recently investigated a huge Russian underground marketplace, called xDedic, This marketplace has more than 70,000 hacked servers online and for sale.
Anyone as able to buy access, and the servers are going for as little as a single payment of $6 for access to everything on the server.
The analysts verified that the xDedic marketplace is run by a Russian group and it’s currently offering 70,624 Remote Desktop Protocol (RDP) servers located in 173 different countries by 416 unique sellers.
xDedic is a great instance of a crime-as-a-service, it’s a well-organized cybercriminal marketplace that’s providing everyone from entry-level cybercriminals to huge players in the scene. You can easily obtain cheap and easy access to established company infrastructure.
The servers include reputable organizations, government networks, corporations, and universities that apparently unaware of the security breach.
Cybercriminals might use the server to carry out phishing campaigns, targeted attacks or launch a variety of attacks with malware or distributed denial-of-service (DDoS).
The analysis on the xDedic marketplace began after a European internet service provider (ISP) notified Kaspersky.
After hackers breach a server via a brute-force attack they’re able to resell the access on the xDedic marketplace. It’s as easy as that.
“The process is simple and thorough: hackers break into servers, often through brute-force attacks, and bring the credentials to xDedic. The hacked servers are then checked for their RDP configuration, memory, software, browsing history and more – all features that customers can search through before buying.” Kaspersky stated in the report.
Currently xDedic offers:
- Servers belonging to government networks, corporations and universities
- Servers tagged for having access to or hosting certain websites and services, including gaming, betting, dating, online shopping, online banking and payment, cell phone networks, ISPs and browsers
- Servers with pre-installed software that could facilitate an attack, including direct mail, financial and PoS software
- All supported by a range of hacking and system information tools.
xDedic marketplace has been active since 2014 and peaked in activity in the middle of 2015. Here’s an infographic published by Kaspersky’s blog:
Kaspersky advises corporations to ensure they have robust security solutions as well as adopting password policies and the usage of strong authentication mechanisms. All devices must be continuously checked and patched.
