Last week, Kaspersky Lab’s Global Research & Analysis Team (GReAT – see what they did there?) published a highly interesting, if not jaw-dropping, exposé of something called the xDedic marketplace. It is a (SURPRISE!) Russian-hacker-backed online marketplace that lets prospective cyber-criminals (Mwahahaha) buy RDP access to compromised Windows servers (meaning that they can be accessed remotely, just as you would a regular Windows machine).
You can read the initial disclosure here.
Now, we have all known for some time that services like this are widely available; in fact, the wonderful people at Sophos have been discussing ‘high-tech crime available to low-tech criminals’ for some time. However, this developing story keeps making us choke on our tea here at ITC towers.
The marketplace was initially estimated to have 70,000 (gulp) compromised servers for sale; further analysis and some squealing by hackers unknown (well, they called themselves AngryBirds) now put the number of borked servers at up to 176,000 (eeek).
You can read the updated report here.
Topping the list of infected servers is the good old USA with 60,081, followed some distance behind (as usual) by the UK with 8,871.
Now we know what you are thinking, at least if you didn’t come to our Summer Social last night and cannot think through the haze: ‘Is one of my servers on the list?’ Well, good news: the magnificent cyber warriors of Kaspersky’s GReAT team have assembled a CSV file containing the full list, separated by country. You can download it here and, if you have Internet-facing Windows servers, you really should, and then check it for your IP addresses!
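One way to run that check across a whole address range rather than eyeballing the file, as an added example that is not from Kaspersky or the original post. The CSV column layout is not described here, so the script assumes nothing about it and scans every cell for IPv4 addresses; the sample rows, the ranges and the file name `downloaded_list.csv` are constructed placeholders.

```python
import csv
import io
import ipaddress
import re

# Assumption: the list's column layout is unknown, so every cell is scanned
# for IPv4-looking tokens instead of relying on a named column.
IPV4_TOKEN = re.compile(r"(?<![\d.])(?:\d{1,3}\.){3}\d{1,3}(?![\d.])")

def parse_networks(entries):
    """Turn the single IPs and CIDR ranges you own into network objects."""
    return [ipaddress.ip_network(e.strip(), strict=False)
            for e in entries if e.strip()]

def find_listed_hosts(csv_stream, my_networks):
    """Return (row_number, ip, row) for every listed IP inside your ranges."""
    hits = []
    for row_number, row in enumerate(csv.reader(csv_stream), start=1):
        for cell in row:
            for token in IPV4_TOKEN.findall(cell):
                try:
                    ip = ipaddress.ip_address(token)
                except ValueError:
                    continue  # not a valid address, e.g. 300.51.100.23
                if any(ip in net for net in my_networks):
                    hits.append((row_number, str(ip), row))
    return hits

# Constructed sample data (documentation address ranges), not real list entries.
SAMPLE_CSV = """country,server
US,198.51.100.23:3389
GB,203.0.113.7
DE,192.0.2.200
US,300.51.100.23
"""
MY_RANGES = ["203.0.113.0/28", "192.0.2.200"]  # hypothetical address space

if __name__ == "__main__":
    # For a real check, swap the StringIO for
    # open("downloaded_list.csv", newline="") (hypothetical file name).
    networks = parse_networks(MY_RANGES)
    for row_number, ip, row in find_listed_hosts(io.StringIO(SAMPLE_CSV), networks):
        print(f"row {row_number}: {ip} is in your address space -> {row}")
```

Remember to include NAT and cloud egress addresses in your ranges, not just the servers' internal IPs.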
A couple of other highlights of this torrid tale: the xDedicks tag each available server to show whether or not it is blacklisted, by potential target sector (banking, gambling, online trading etc.), and they also summarise the software running on the server. The most popular of this seems to be ePOS systems, clearly being used by the low-tech guys to harvest credit card details.
The Kaspersky articles above are really worth a read and further underline the sophistication and commoditisation of cyber crime that we are seeing this year, which will most certainly get worse going forward.
If you have Internet-facing servers, it is imperative that you keep them patched, regularly scan them for vulnerabilities from both the outside and the inside, look for anomalous behaviour such as increased traffic at unusual times, increased logs etc., and ensure that they are appropriately segregated from your Crown Jewels. These are all things that our NetSure360° Managed Security Service can help you manage.
If you would like to know more about cyber crime and how to protect your business from it, do contact us and have a chat with one of our experienced security professionals. There is a high likelihood they might even be proud Europeans.
If you would like to know how ITC Secure Networking can help you, please ping us an email or call us on 020 7517 3900.