An interesting article from Kaspersky Lab. Should get you to sit upright – if you own a server.
Kaspersky Lab researchers have investigated a global forum where cybercriminals can buy and sell access to compromised servers for as little as $6 each. The xDedic marketplace, which appears to be run by a Russian-speaking group, currently lists 70,624 hacked Remote Desktop Protocol (RDP) servers for sale.
Many of the servers host or provide access to popular consumer websites and services and some have software installed for direct mail, financial accounting and Point-of-Sale (PoS) processing. They can be used to target the owners’ infrastructures or as a launch-pad for wider attacks, while the owners, including government entities, corporations and universities, have little or no idea of what’s happening.
xDedic is a powerful example of a new kind of cybercriminal marketplace: well-organized and supported, and offering everyone from entry-level cybercriminals to APT groups fast, cheap, and easy access to legitimate organizational infrastructure that keeps their crimes below the radar for as long as possible.
A European internet service provider (ISP) alerted Kaspersky Lab to the existence of xDedic and the companies worked together to investigate how the forum operates. Continue reading.