FRANKFURT, June 15 (Reuters) – A major underground cybercrime marketplace that acts like an eBay for criminals is selling access to more than 70,000 compromised servers, allowing buyers to carry out widespread cyber-attacks around the world, security experts said on Wednesday.
Kaspersky Lab researchers have investigated a global forum where cybercriminals can buy and sell access to compromised servers for as little as $6 each. It offers access to hacked computers owned by governments, companies and universities in 173 countries, unbeknownst to the servers’ legitimate owners.
Each server comes pre-equipped with a variety of software to mount denial-of-service attacks on other networks, launch spam campaigns, illicitly manufacture bitcoin currency or compromise online or retail payment systems. This pre-installed software is used to target the owners’ infrastructures or as a launch-pad for wider attacks, while the owners, including government entities, corporations and universities, have little or no idea of what’s happening.
He said the cybercrime market might also be used to exploit hundreds of millions of old, stolen email credentials reported in recent months to be circulating in the criminal underground.
“Stolen credentials are just one aspect of the cybercrime business,” Raiu told Reuters in an interview. “In reality, there is a lot more going on in the underground. These things are all interconnected.”
xDedic, whose name is short for “dedicated”, appears to be run by a Russian-speaking group. “Dedicated” is a term used in Russian online forums for a computer under remote control of a hacker and available for use by other parties.
xDedic connects sellers of compromised servers with criminal buyers. The market’s owners take a 5 percent up-front fee on all money put into trading accounts, Raiu said.
Kaspersky found the machines run remote desktop software widely used by network administrators to provide technical support for Microsoft Windows users. Access to servers with high capacity network connections may cost up to $15.
A European internet service provider (ISP) alerted Kaspersky Lab to the existence of xDedic and the companies worked together to investigate how the forum operates.
High-profile targets include a U.S. aerospace firm, banks in the United States, Philippines, Kazakhstan, Jordan, Ghana, Cyprus, South Korea and Saudi Arabia, chemical firms in Singapore and Thailand and oil companies in China and the United Arab Emirates, Kaspersky found.
Raiu declined to name the organisations. He said Kaspersky has notified national computer emergency response teams in several countries.
In response to cybercrime market attacks, Kaspersky Lab advises organizations to:
• Install a robust security solution as part of a comprehensive, multi-layered approach to IT infrastructure security.
• Enforce the use of strong passwords as part of the server authentication process.
• Implement a continuous process of patch management.
• Undertake a regular security audit of the IT infrastructure.
• Consider investing in threat intelligence services which will keep the organization informed of emerging threats and offer an insight into the criminal perspective to help them assess their level of risk.