Kaspersky Lab researchers reveal huge underground market selling access to over 70,000 hacked servers

16 Jun 2016

Kaspersky Lab researchers have uncovered a huge underground market selling access to over 70,000 hacked servers across 173 countries, with Malaysia among the top 10 and the most compromised in South-East Asia.

"It is all over the world, not just emerging countries – over 170 countries affected in different scales and proportions," said Vitaly Kamluk, Asia Pacific director of Kaspersky Lab's Global Research & Analysis Team (GREAT). He told Digital News Asia (DNA) in a phone conversation that "Singapore for example, is in 29th place with 743 servers being offered – Malaysia has 2,140 servers (10th place) and Indonesia has 459 servers (37th place)."

The underground marketplace, known as xDedic and operated by a Russian-speaking group, sold server information and login passwords that could be used to control the hacked servers.

The compromised machines included not only those owned by private or home users, but also servers from "many different government networks, ISPs (internet service providers), telcos, universities, medical institutions, and many more," said Kamluk.

"This is something we have never seen before in terms of scale – it is a professional service developed over many years.

"Our research shows it has been operational since 2014, with tech support, a message board and training [for users].

"It's all based on credentials – they even have scan protection against fraudsters who want to sell fake server logins," he added.

The xDedic marketplace revelation came about after a European ISP approached Kaspersky Lab because its servers were constantly being compromised, according to Kamluk.

"Its servers were being compromised again and again; even after clean-ups and other necessary actions, the attackers could still get access back," he said.

"Our investigation showed the installation of certain tools that referenced the xDedic marketplace, which turned out to be a website where anyone can log in and see the servers on offer," he added.

Further research revealed that servers from both developed and emerging markets were part of the xDedic marketplace.