For Sale: Access to 70,000 Hacked Computer Networks

Cyber-security firm Kaspersky Lab says it has uncovered an online marketplace where criminals from all over the world sell access to more than 70,000 hacked corporate and government servers for as little as $6 each.

Kaspersky discovered the forum after a tip from a European internet service provider. The market, called xDedic, is operated by hackers, who are probably Russian speaking, that have ditched their traditional business model of just selling passwords and have graduated instead to earning a commission from each transaction on their black market.

"It’s a marketplace similar to EBay where people can trade information about cracked servers," said Costin Raiu, head of global research at Kaspersky Lab. "The forum owners verify the quality of the hacked data and charge a commission of 5 percent for transactions."

An aerospace company from the US, oil firms from China and the United Arab Emirates, a chemical company from Singapore and banks from several different countries are among companies whose servers were compromised by xDedic, Kaspersky said, declining to disclose any names.

As businesses ranging from banks to retailers go digital, hacking is getting more advanced and is often instrumental to traditional crime. Markets offering criminals both the tools to hack into networks and the spoils of successful attacks such as credit card data are growing in size and complexity. US authorities worked with counterparts from more than a dozen other countries in 2015 to dismantle a sophisticated computer forum known as Darkode, described as an online, invitation-only market for cyber-criminals to buy and sell products for infecting electronic devices.

Cybercrime services allow even low-skilled criminals to use acquired malicious software to attack their targets, Kaspersky said. People who bought access to servers on xDedic used the information for denial-of-service attack on businesses or to steal credit-card details from servers connected to systems such as computer terminals in shops, according to Raiu. Some have used compromised servers to mine bitcoins, he said. The marketplace is available on the Internet, requiring users to register and deposit $10 in bitcoins.

“It wasn’t only government networks, but also corporations, banks, research institutions, telecommunication companies, to name a few," Raiu said.

Information-Management

« New US Biometric Passport Regulations Will Prevent Entry To Millions
The Cyberwar Frontier In Korea »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Lynx Software Technologies

Lynx Software Technologies

Lynx provide secure software and operating systems for use in mission critical applications such as aerospace, medical, transportation and IoT.

DFLabs

DFLabs

DFlabs is a pioneer in Security Automation & Orchestration technology, leveraging your existing security products to dramatically reduce the response and remediation gap.

Swiss Cyber Think Tank (SCTT)

Swiss Cyber Think Tank (SCTT)

The Swiss Cyber Think Tank is a business network for Cyber Risk & Insurability, providing an industry-wide networking platform for insurers, technology and security firms.

Security Innovation Network (SINET)

Security Innovation Network (SINET)

SINET is dedicated to building a cohesive, worldwide Cybersecurity community with the goal of accelerating innovation through collaboration.

BLUECYFORCE

BLUECYFORCE

BLUECYFORCE is the leading professional training and cyber defense training organization in France.

Selectron Systems

Selectron Systems

Selectron offers system solutions for automation in rail vehicles and support in dealing with your railway cyber security challenges.

SecurityGate

SecurityGate

SecurityGate.io is the only Integrated Risk Management platform built for OT/ICS cybersecurity. The leading Risk Assessment Platform for Critical Infrastructure.

Singular Security

Singular Security

Singular Security help public and private organizations minimize cybersecurity risk and pass their IT compliance audit.

Axio Global

Axio Global

Axio is a leading cyber risk management SaaS company. Our Axio360 platform gives companies visibility to their cyber risk, and enables them to prioritize investments to protect their business.

Pentest Limited

Pentest Limited

Pentest Limited provide information security consultation, penetration testing & red teaming services to companies across the globe.

Maritime Cyber Threats Research Group - University of Plymouth

Maritime Cyber Threats Research Group - University of Plymouth

The Maritime Cyber Threats research group of the University of Plymouth is focused on investigating marine cyber threats and researching solutions.

BATM Advanced Communications

BATM Advanced Communications

BATM Advanced Communications is a leading provider of real-time technologies for networking and cyber security solutions.

Defentry

Defentry

Defentry have created an Ecosystem that lets our users easily monitor, train and resolve their digital security issues.

Cyber Law Consulting

Cyber Law Consulting

Cyber Law Consulting is a Dynamic full service legal firm which offers complete services for Cyber Law, cyberlaw, Internet Law, Data Protection Act, Cyber Security, IPR, Drafting.

CyberGrape

CyberGrape

CyberGrape is a client centric managed services company, providing enterprise leading security solutions and helping companies through their IT risk and security challenges.

Federal Office for the Protection of the Constitution (BfV)

Federal Office for the Protection of the Constitution (BfV)

The Federal Office for the Protection of the Constitution (Bundesamt für Verfassungsschutz - BfV) is the domestic intelligence services of the federal government of Germany.