India ranks fourth in the list of hacked servers available for sale via xDedic marketplace. According to Kaspersky, xDedic lists 3488 Indian servers for sale as of May 2016.
The Kaspersky report further states cyber-criminals can buy and sell access to these compromised servers for as little as $6 each. The xDedic marketplace is run by a Russian-speaking group and currently has access to some 70,624 hacked Remote Desktop Protocol (RDP) servers.
The xDedic marketplace is reportedly being used by entry-level cyber-criminals as well as APT groups to access legitimate organisational infrastructure to keep their crimes below the radar.
The Kaspersky report states xDedic listed servers granting access to following data:
1. Servers belonging to government networks, corporations and universities
2. Servers tagged for having access to or hosting certain websites and services, including gaming, betting, dating, online shopping, online banking and payment, cell phone networks, ISPs and browsers
3. Servers with pre-installed software that could facilitate an attack, including direct mail, financial and PoS software
4. All supported by a range of hacking and system information tools.
The top 10 countries affected are Brazil, China, Russia, India, Spain, Italy, France, Australia, South Africa and Malaysia.
The report claims the listed servers can be used by cyber-criminals to target the owners’ infrastructures or as a launchpad for an even wider attack.
Surprisingly, the report states governments, corporations and universities are often unaware that their IT infrastructure has been compromised.