UAE ranked 18th with 1,224 servers for sale on xDedic, Kaspersky says
Dubai: Cyber criminals have been stealing consumers' credit card and bank details, but the new trend is that the crooks have found a massive underground marketplace for buying and selling compromised servers for as little as $6 (Dh22) each.
Yury Namestnikov, Senior Security Researcher at Kaspersky Lab, told Gulf News that the UAE is ranked 18th with 1,224 servers for sale. The top 10 affected countries are Brazil, China, Russia, India, Spain, Italy, France, Australia, South Africa and Malaysia.
He said the underground marketplace — xDedic.biz — is run by a Russian-speaking group and has 70,624 hacked servers for sale. The group behind xDedic claims that it merely provides a trading platform and has no links or affiliations to the sellers.
The marketplace offers criminals “fast, cheap and easy” access to legitimate organisational infrastructure that keeps their crimes below the radar for as long as possible.
The xDedic marketplace seems to have opened for business some time in 2014, Namestnikov said, adding that it has grown significantly in popularity since the middle of 2015. In May 2016, it listed 70,624 servers from 173 countries for sale, posted in the names of 416 different sellers. “The new trend is growing very fast. In March, there were 50,000 servers for sale and in May, it has crossed 70,000,” he said.
Brute-force attacks
When asked how hackers get access to servers, he said that the process is simple and thorough — hackers break into servers, often through brute-force attacks, and bring the credentials to xDedic.
The hacked servers are then checked for their configuration, memory, software, browsing history and more — all features that customers can search through before buying. After that, they are added to a growing online inventory that includes access to government networks, corporations, universities, gaming, betting, dating, online shopping, online banking and payment, cell phone networks, internet service providers and browsers.
He said the biggest risk is that the hacked servers can be used to target the owners’ infrastructure or as a launch pad for wider attacks such as targeted attacks, malware, distributed denial-of-service, phishing, social-engineering and adware attacks, while the owners, including government entities, corporations and universities, have little or no idea of what’s happening.
Kaspersky Lab advises organisations to install a robust security solution as part of a comprehensive, multilayered approach to IT infrastructure security, undertake a regular security audit of the IT infrastructure and invest in threat intelligence services which will keep the organisation informed of emerging threats and offer an insight into the criminal perspective to help them assess their level of risk.