A massive online marketplace where criminals sell access to hacked corporate and government servers has been uncovered by a cyber security firm. Kaspersky Lab discovered the marketplace – which has over 70,000 hacked servers for sale for as little as $6 each – after a tip from a European internet service provider.
Named xDedic, the site is operated by hackers and is notable as the criminals are using an evolved business model of earning a commission on their transactions, rather than just selling passwords.
"It’s a marketplace similar to EBay where people can trade information about cracked servers," said Costin Raiu, head of global research at Kaspersky Lab, in an interview with
Bloomberg News. "The forum owners verify the quality of the hacked data and charge a commission of 5% for transactions."
An aerospace company from the U.S., oil firms from China and the United Arab Emirates, a chemical company from Singapore and banks from several different countries are among companies whose servers were compromised by xDedic, Kaspersky said, declining to disclose any names.
The incident highlights the need for businesses to have adequate cyber security coverage, as digital attacks and hacking efforts become more advanced.
A company’s presence on such a site can lead to wide spread, devastating exposure says Eldon Sprickerhoff, chief security strategist at eSentire. “Regardless of whether it’s a government or business server, once a threat actor is able to gain server access, stealing credentials is just one of a litany of actions the attacker can take,” he said in a statement to
Insurance Business. They can mine and encrypt data or download that data for later use. Compromised servers can also be used to host malware or launch and run denial of service attacks (DoS) as part of a botnet. Servers can also be configured as proxies for attackers trying to shield their identities.”
He adds that such sites are becoming more commonplace – and uncovering them is just the first step for targeted businesses and governments.
"The discovery of this new marketplace isn’t new, sadly. As the number of exploited servers continue to climb, so too will the avenues available to buy and sell stolen data,” he says. “In many cases organizations don’t have the crawling, alerting, and reporting mechanisms available to detect whether data has been stolen.“
According to Kaspersky, people who bought access to servers on xDedic have used the information for denial-of-service attack on businesses or to steal credit-card details from servers connected to systems such as computer terminals in shops. To access the marketplace, users need only register and make a $10 bitcoin deposit.
“It wasn’t only government networks, but also corporations, banks, research institutions, telecommunication companies, to name a few," Raiu said to
Bloomberg.
Related Links:
Businesses lose over $1 million to DNS attacks
University of Calgary pays ransom for stolen data
