Kaspersky has published a report on an underground marketplace that’s being used to buy and sell credentials for hacked servers. Targets range from branches of government to major corporations, and access is being sold for as little as $6.
This report comes as a result of an investigation carried out by Kaspersky in conjunction with an unnamed European ISP. The service is called xDedic, and is thought to be operated by a group of Russian-speaking hackers.
In March 2016, the xDedic sales inventory offered access to 51,752 servers across 183 countries. By May 2016, 70,624 servers were available, demonstrating both the growth of the service and the fact that its management is carefully maintaining its operation.
The group in control of xDedic maintains that it is not responsible for any of the illegal content being bought and sold, asserting that it is simply running the marketplace and nothing more. More than 400 unique sellers are thought to be using the site.
xDedic is primarily used to purchase credentials that allow access to a particular server over a Remote Desktop Protocol (RDP) connection. That access can be used either to steal data from the server or as a foothold from which to launch an attack.
Many of the servers are located in Brazil, China, and Russia, with the three countries combined accounting for almost a quarter of those available for purchase as of May 2016. Kaspersky is remaining tight-lipped about specific targets, but an aerospace firm and a bank located in the United States are thought to have been compromised, according to a report from TechSpot.
Information like this demonstrates the continuing importance of online security. It might seem impossible to stay safe when the internet’s criminal element is working with tools like xDedic, but the very fact that the underground is producing this sort of sophisticated marketplace only underscores the need to be vigilant.