
Over 176,000 Unique Hacked Servers Sold on xDedic Marketplace

Last week, Kaspersky Lab security researchers shared research on xDedic, a shady marketplace where access to hacked servers was being sold, and revealed that they had spotted over 70,000 items for sale.

While that figure alone is impressive, it seems that it is only the tip of the iceberg. The real number of hacked servers that have been traded on xDedic since October 2014, when it first appeared, is around three times larger, the researchers have recently discovered.

Soon after the initial report on xDedic emerged online, the marketplace was closed. This isn’t a surprise, since many cybercriminals prefer to go into hiding as soon as their nefarious activities are made public. What’s interesting, however, is that, as soon as the marketplace went down, Kaspersky Lab received information on the servers that were traded on it.

According to a new blog post, a whopping 176,000 unique hacked servers were traded on xDedic between October 2014 and February 2016. The data set they received shows all entries until the end of the day on February 29, 2016, and supposedly comes from a person who had access to detailed information on the servers traded on the marketplace.

Kaspersky Lab researchers were provided with a list of IP addresses and date information, which they managed to link to some of the servers already spotted on xDedic. After verification, they assumed that the newly provided data was real, and managed to update their previous analysis accordingly.

Following the update, the United States was the most affected country when it comes to compromised servers sold on xDedic, with 60,081 records. The United Kingdom follows with 8,817 servers, trailed by Brazil (8,770 servers), Canada (6,112), France (5,973), Spain (5,954), Australia (5,855), Russia (5,608), Italy (5,536), and Germany (4,988).

Based on the new data, the United States accounts for 34% of the hacked servers, while the UK and Brazil account for 5% each. According to Kaspersky, the new data, which places the US, UK, Canada, and Germany among the top 10 most affected countries, shows a more realistic picture of all compromised servers than what their previous data revealed.

The researchers also say that the source of this data, which remains anonymous, is either someone who has been constantly monitoring the xDedic marketplace and also had access to full IP information, or someone who had advanced access to the backend. Moreover, they explain that the servers they previously saw on the marketplace were only the less desirable ones, which also explained their low price.

“For us it was yet another confirmation that when it comes to cybercrime, we often see just the tip of the iceberg. The reason why the xDedic marketplace looked smaller to the buyer is because the most desirable servers were often sold almost as soon as they were added to marketplace, leaving only the least interesting and unwanted servers for sale,” the researchers say.

The most expensive server on xDedic was priced at $6,000, the researchers reveal, adding that only around 50 servers cost more than $50 and that all of them were in the United States. Apparently, a group called “Narko” had the top 10 most expensive servers on the marketplace, but the researchers couldn’t explain why their servers were more expensive than others, nor where exactly they were located.
