Here’s a marketplace where hacked servers from almost every country can be sold over and over again

To understand the scale of hackers out in the world, perhaps this one example is all that is needed.

Kaspersky Lab has released information on xDedic, a global forum that appears to be run by a Russian-speaking speaking group that currently lists 70,624 hacked Remote Desktop Protocol servers for sale from 173 countries, posted in the names of 416 different resellers.

To put that number of servers into perspective, it is estimated that Google runs around 900,000 servers worldwide. While 70,624 doesn’t seem like a lot in comparison, this is only a single marketplace. The servers also spans nearly all of the 196 countries that are in the world.

The worst-hit countries include Brazil, China, Russia, India, Spain, Italy, France, Australia, South Africa, Malaysia, United Kingdom, Mexico, Columbia, the United States and Germany.

These servers often host popular consumer websites, with many having direct mail, financial accounting or point-of-sale functionality.

Needless to say, they provide a large spectrum of launch pads for wide-scale assaults.

The kicker? A compromised server costs as little as $6. How much does that compare to how much money you spent to keep it secure?

The process, according to Kaspersky, is simple and thorough: hackers often brute-force their way into servers, then bring credentials to xDedic. The hacked servers are checked for their RDP configuration, memory, software, browsing history and more, all features that customers can search through before buying. After that, they are added to a growing online inventory.

So far, the list includes those that belong to governments, corporations and universities, gaming, betting, dating, online shopping, banking, cell phones, ISPs and browsers, and those with pre-installed software such as for financial transactions. Unlike in a ransomware scenario, the server’s legitimate owners are never made aware, and a server can be used in an attack and sold over and over again.

“The xDedic marketplace seems to have opened for business sometime in 2014, and has become significantly more popular since the middle of 2015,” Kaspersky said in a statement. “xDedic is further confirmation that cybercrime-as-a-service is expanding through the addition of commercial ecosystems and trading platforms.”

In addition to standard security measures, the company recommends implementing a continuous process of patch management and conducting security audits of infrastructure.

Would you recommend this article?


Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.

Jim Love, Chief Content Officer, IT World Canada

Featured Download

CDN Staff
CDN Staff
For over 25 years, CDN has been the voice of the IT channel community in Canada. Today through our digital magazine, e-mail newsletter, video reports, events and social media platforms, we provide channel partners with the information they need to grow their business.

Related Tech News

Featured Tech Jobs


CDN in your inbox

CDN delivers a critical analysis of the competitive landscape detailing both the challenges and opportunities facing solution providers. CDN's email newsletter details the most important news and commentary from the channel.