Kaspersky Lab has uncovered a massive underground marketplace, known as xDedic, dealing in credentials for over 70,000 hacked servers. Access to these Remote Desktop Protocol (RDP) servers was being sold for as little as $6 (RM24) each, although on average they fetched between $7-8 (between RM28 and RM32).
Many of these servers were used to host popular websites, and some even had software for financial accounting and point-of-sale processing installed. The massive online inventory of the marketplace also included servers belonging to government bodies, corporations, and universities.
The criminals behind the enterprise are said to be extremely well organised, going as far as to provide professional-level support for their customers. They also provided helpful tips for remaining undetected while accessing the RDP servers, and wrote “idiot-proof” FAQs.
Kaspersky said that the types and locations of the servers reflected the interests of the criminals, but could also reveal more about the number of unprotected servers in the affected regions. To a lesser extent, they may also reveal the quality of the internet infrastructure of the affected country.
The victims of xDedic appear to be developing countries, with Brazil and China the worst hit. Malaysia entered the list of victims in the 10th spot with some 2140 servers up for sale. Malaysia also had the highest number of servers being sold in the ASEAN region. The next highest – Thailand – had half that number on offer, while Singapore appeared at number 29 on the list with 743 servers.
Interestingly, the Russian-speaking group behind xDedic claims only to be offering an exchange platform and to have no connections to the actual sellers of the hacked servers. Kaspersky takes this as a sign that cybercrime-as-a-service is expanding to include online marketplaces and commercial ecosystems.