For Sale: Access to 70,000 Hacked Computer Networks

Cyber-security firm Kaspersky Lab says it has uncovered an online marketplace where criminals from all over the world sell access to more than 70,000 hacked corporate and government servers for as little as $6 each.

Kaspersky discovered the forum after a tip from a European internet service provider. The market, called xDedic, is operated by hackers, who are probably Russian speaking, that have ditched their traditional business model of just selling passwords and have graduated instead to earning a commission from each transaction on their black market.

"It’s a marketplace similar to EBay where people can trade information about cracked servers," said Costin Raiu, head of global research at Kaspersky Lab. "The forum owners verify the quality of the hacked data and charge a commission of 5 percent for transactions."

An aerospace company from the US, oil firms from China and the United Arab Emirates, a chemical company from Singapore and banks from several different countries are among companies whose servers were compromised by xDedic, Kaspersky said, declining to disclose any names.

As businesses ranging from banks to retailers go digital, hacking is getting more advanced and is often instrumental to traditional crime. Markets offering criminals both the tools to hack into networks and the spoils of successful attacks such as credit card data are growing in size and complexity. US authorities worked with counterparts from more than a dozen other countries in 2015 to dismantle a sophisticated computer forum known as Darkode, described as an online, invitation-only market for cyber-criminals to buy and sell products for infecting electronic devices.

Cybercrime services allow even low-skilled criminals to use acquired malicious software to attack their targets, Kaspersky said. People who bought access to servers on xDedic used the information for denial-of-service attack on businesses or to steal credit-card details from servers connected to systems such as computer terminals in shops, according to Raiu. Some have used compromised servers to mine bitcoins, he said. The marketplace is available on the Internet, requiring users to register and deposit $10 in bitcoins.

“It wasn’t only government networks, but also corporations, banks, research institutions, telecommunication companies, to name a few," Raiu said.

Information-Management

« New US Biometric Passport Regulations Will Prevent Entry To Millions
The Cyberwar Frontier In Korea »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

Watch this webinar to hear security experts from Amazon Web Services (AWS) and SANS break down the myths and realities of what an NGFW is, how to use one, and what it can do for your security posture.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

Veeam

Veeam

Veeam is the leader in intelligent data management for the Hyper-Available Enterprise.

StickyMinds

StickyMinds

StickyMinds is the web's first interactive testing community exclusively engaged in improving software quality throughout the software development lifecycle.

RIGCERT

RIGCERT

RIGCERT provides training, audit and certification services for multiple fields including Information Security.

Braintrace

Braintrace

Braintrace’s services include Managed Detection and Response (MDR), Managed SIEM, SIEM-as-a-Service, SOC-as-a-Service, Advisory Services, and Incident Response.

Monster Jobs

Monster Jobs

Monster is a global leader in connecting people to jobs, wherever they are. Monster covers all job sectors including cybersecurity in locations around the world.

Scout Ventures

Scout Ventures

Scout Ventures is an early stage venture capital firm that is making the world a better, safer place by cultivating standout frontier technologies.

Trava Security

Trava Security

Trava simplifies cyber risk management for business owners and IT professionals. Automated assessments, mitigation advising, and data-driven cyber insurance.

Cyber Security for Europe (CyberSec4Europe)

Cyber Security for Europe (CyberSec4Europe)

CyberSec4Europe is designing, testing and demonstrating potential governance structures for a European Cybersecurity Competence Network.

Invicti Security

Invicti Security

Invicti Security is an AppSec leader transforming the way web applications are secured.

Fusion Cyber

Fusion Cyber

Fusion Cyber educates students in Zero Trust Risk Management, Defense, and Cyber Offense that lead to taking industry-accepted cybersecurity certifications.

e-Xpert Solutions

e-Xpert Solutions

e-Xpert Solutions is a company specialized in the Information Security field since 2001. Our skills are strong technical expertise and the development of tailor-made solutions.

Anatomy IT

Anatomy IT

Anatomy IT empowers healthcare providers to deliver exceptional patient care with cutting-edge technology and cybersecurity solutions.

Conceal

Conceal

Conceal’s mission is to stop ransomware and credential theft for companies of all sizes by developing innovative solutions that provide social engineering protection in any browser.

Armata Cyber Security

Armata Cyber Security

Armata exists to bring Cyber Security to all people – from home users and SMBs to large enterprises. We believe all users have the right to an affordable yet effective Cyber Security solution.

Aegis9

Aegis9

Aegis9 is an Australian owned and sovereign consultancy that specialises in providing tailored security solutions for both public and private sector clients based on their specific needs.

Verosint

Verosint

Verosint (formerly 443ID) provides real-time account fraud prevention that reveals fraudsters hiding in user accounts and proactively blocks them before their attacks can cause harm.