The exposed servers span a wide array of industries, including governments, universities, financial institutions and retailers. A one-time purchase gives the buyer free rein over the system, including the ability to install malware that can steal sensitive data or use the server as a launch point for further cyberattacks. Geographically, Brazil, China, Russia, India and Spain alone account for 32% of the exposed servers, and 50% of the servers are spread across just ten countries.

“The ultimate victims are not just the consumers or organizations targeted in an attack, but also the unsuspecting owners of the servers: they are likely to be completely unaware that their servers are being hijacked again and again for different attacks, all conducted right under their nose,” Kaspersky stated.

xDedic, the forum where the exposed servers are being traded, has grown in popularity since 2014, when it listed 55,000 exposed servers, yet it currently has only 416 registered users, suggesting that the group involved is relatively small but dedicated.

Speaking on the revelation, Kaspersky said that xDedic is “a powerful example of a new kind of cybercriminal marketplace: well-organised and supported and offering everyone from entry-level cybercriminals to APT groups fast, cheap and easy access to legitimate organisational infrastructure that keeps their crimes below the radar for as long as possible.”

Kaspersky Lab advises organizations to:

• Install a robust security solution as part of a comprehensive, multi-layered approach to IT infrastructure security
• Enforce the use of strong passwords as part of the server authentication process
• Implement a continuous process of patch management
• Undertake a regular security audit of the IT infrastructure
• Consider investing in threat intelligence services, which will keep the organization informed of emerging threats and offer an insight into the criminal perspective to help it assess its level of risk.

