2 min read

Here’s a marketplace where hacked servers from almost every country can be sold over and over again

Security & Privacy

To understand the scale of hackers out in the world, perhaps this one example is all that is needed.

Kaspersky Lab has released information on xDedic, a global forum that appears to be run by a Russian-speaking speaking group that currently lists 70,624 hacked Remote Desktop Protocol servers for sale from 173 countries, posted in the names of 416 different resellers.

To put that number of servers into perspective, it is estimated that Google runs around 900,000 servers worldwide. While 70,624 doesn’t seem like a lot in comparison, this is only a single marketplace. The servers also spans nearly all of the 196 countries that are in the world.

The worst-hit countries include Brazil, China, Russia, India, Spain, Italy, France, Australia, South Africa, Malaysia, United Kingdom, Mexico, Columbia, the United States and Germany.

These servers often host popular consumer websites, with many having direct mail, financial accounting or point-of-sale functionality.

Needless to say, they provide a large spectrum of launch pads for wide-scale assaults.

The kicker? A compromised server costs as little as $6. How much does that compare to how much money you spent to keep it secure?

The process, according to Kaspersky, is simple and thorough: hackers often brute-force their way into servers, then bring credentials to xDedic. The hacked servers are checked for their RDP configuration, memory, software, browsing history and more, all features that customers can search through before buying. After that, they are added to a growing online inventory.

So far, the list includes those that belong to governments, corporations and universities, gaming, betting, dating, online shopping, banking, cell phones, ISPs and browsers, and those with pre-installed software such as for financial transactions. Unlike in a ransomware scenario, the server’s legitimate owners are never made aware, and a server can be used in an attack and sold over and over again.

“The xDedic marketplace seems to have opened for business sometime in 2014, and has become significantly more popular since the middle of 2015,” Kaspersky said in a statement. “xDedic is further confirmation that cybercrime-as-a-service is expanding through the addition of commercial ecosystems and trading platforms.”

In addition to standard security measures, the company recommends implementing a continuous process of patch management and conducting security audits of infrastructure.