Last time we wrote about email accounts being actively hacked and the fact that your personal data is not safe unless it is on your company’s local servers. However, time has shown that it is not that simple: companies’ servers may also be poorly protected and vulnerable to hacking and criminal intervention.
The market for hacked servers may be much bigger than previously thought. There is evidence that hackers have sold access to more than 170,000 hacked servers, one third of which are located in the USA.
Researchers from Kaspersky Lab announced that the black-market website ‘xDedic’ is selling remote access to more than 70,000 hacked servers for just $6.
After the report, a user nicknamed AngryBirds published several lists on Pastebin with IP addresses, as well as the dates when servers were hacked and sold at xDedic starting October 2014.
The combined lists contain nearly 176,000 unique IP addresses. These lists include 100,000 more items than the Kaspersky Lab researchers managed to find on the black market. It was not easy to review these lists, especially considering that xDedic displays only the first two octets of a server’s IP address (e.g. 111.111.*.*).
Nevertheless, researchers have discovered a strong enough correlation to assume that the new database of compromised servers is real and was copied from xDedic around February by someone who had access to view the complete IP addresses.
The difference between the 70,000 gathered IP addresses and the 176,000 IP addresses sent by the anonymous user can be explained by the fact that xDedic publicly displays only unsold servers.
The geographical analysis of the new list changes the picture of which countries suffered the most. At the time of the Kaspersky Lab analysis, Brazil and China held first and second places, respectively. According to the new list, first place goes to the US (more than 60K hacked servers), and second place goes to the UK (almost 9K).
Servers in the US and Western Europe are considered the most valuable and are probably sold faster. In fact, the top 10 most expensive servers listed on xDedic were from the US. Their prices ranged from $1,500 to $6,000.
It is hard to say why access to these servers is so expensive, but researchers have seen an increased interest in servers associated with accounting, tax reporting and point-of-sale (POS) software, because they afford many opportunities to cyber-criminals.
The new list, which displays complete IP addresses, allows companies and network operators to check whether any of their current or past machines is on xDedic. Unfortunately, since this list is open to everyone, the servers on it have become more exposed to other hackers who might try to compromise the same vulnerable servers.
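One way an operator could run the check described above against their own current and past address ranges, together with a rough overlap measure for listings that show only two octets. This is an added example, not code from the original article or from Kaspersky Lab; the `ip,date` layout, the function names and the sample addresses (documentation ranges) are assumptions.

```python
import ipaddress
from collections import Counter

# Constructed sample in an assumed "ip,date" layout; not real leaked data.
LEAKED = """\
198.51.100.23,2014-10-12
203.0.113.77,2015-03-02
198.51.100.200,2015-11-30
192.0.2.9,2016-01-15
not-an-ip,2016-01-16
"""

def parse_leak(text):
    """Yield (address, date) pairs, skipping malformed rows."""
    for line in text.splitlines():
        ip, _, date = line.strip().partition(",")
        try:
            yield ipaddress.ip_address(ip), date
        except ValueError:
            continue  # tolerate junk lines in a hand-assembled paste

def find_exposed(leak_text, owned_cidrs):
    """Return leaked entries inside any owned range (current or past)."""
    nets = [ipaddress.ip_network(c) for c in owned_cidrs]
    hits = []
    for addr, date in parse_leak(leak_text):
        for net in nets:
            if addr.version == net.version and addr in net:
                hits.append((str(addr), date, str(net)))
                break
    return hits

def masked_overlap(leak_text, masked_listings):
    """Fraction of two-octet listings ('198.51') whose prefix occurs in the leak."""
    prefixes = Counter(
        ".".join(str(a).split(".")[:2])
        for a, _ in parse_leak(leak_text) if a.version == 4
    )
    if not masked_listings:
        return 0.0
    matched = [m for m in masked_listings if prefixes[m] > 0]
    return len(matched) / len(masked_listings)

if __name__ == "__main__":
    for ip, date, net in find_exposed(LEAKED, ["198.51.100.0/24"]):
        print(f"{ip} (in {net}) listed with date {date}")
```

Include ranges the organization no longer holds, since the lists go back to October 2014; a hit should be treated as a lead for incident response on that host, not as proof by itself.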