Black market selling hacked server access


Kaspersky Lab researchers have recently uncovered a huge underground market selling access to over 70,000 hacked servers. The compromised servers are spread across 173 countries, each affected to a different degree. Most of these countries are in South East Asia, where Singapore is in 29th place with 743 servers, Malaysia has 2,140 servers (10th place) and Indonesia has 459 servers (37th place).

xDedic, the underground marketplace, is run by a Russian-speaking group that sells server information and login passwords that could be used to control these hacked servers. The compromised machines were not only those owned by private home users. Many of them belonged to government networks, ISPs (Internet service providers), telcos, universities, medical institutions, and many more. According to Vitaly Kamluk, Asia Pacific director of Kaspersky Lab’s Global Research & Analysis Team: “This is something we have never seen before in terms of scale. It is a professional service developed over many years. Our research shows it has been operational since 2014, with tech support, a message board and training [for users].”

It is very clear that Asia is emerging as a favoured target for cyber criminals. Prevention is essential in this scenario. As Kamluk suggests, strong passwords should be used to minimise exposure. “They got into these servers by leveraging on weak passwords on administrator accounts on RDP servers exposed to the Internet; to counter that, users should select complex passwords,” he said. Besides, one should try to avoid using RDP servers that are exposed to the Internet. If such a server is required, administrators should whitelist the IP addresses that can connect to it, which would make it difficult to find and thus eliminate threats from brute-force attackers. An easy but effective measure is to always patch the system and make sure the latest version of the server software is running. Finally, Kamluk recommends using endpoint protection to counter backdoors planted by attackers.
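
A defender can check a server's own logon history against the advice above. The following is an added example, not part of the original article or of Kaspersky Lab's research: it reviews Windows Security-log events exported to CSV and flags password guessing against RDP, logons from outside the whitelist, and a successful logon that follows a run of failures. The CSV layout, the whitelist range, the threshold and the sample events are all assumptions constructed for illustration.

```python
import csv
import io
import ipaddress
from collections import Counter

# Constructed sample (not real data): Security-log events exported to CSV.
# 4625 = failed logon, 4624 = successful logon; LogonType 10 is RDP,
# and failed RDP logons are often recorded as type 3 when NLA is enabled.
SAMPLE = (
    "EventID,LogonType,TargetUserName,IpAddress\n"
    + "4625,3,Administrator,203.0.113.50\n" * 5
    + "4624,10,Administrator,203.0.113.50\n"
    + "4624,10,opsadmin,198.51.100.7\n"
    + "4625,3,svc_backup,-\n"
)
ALLOWLIST = ["198.51.100.0/24"]  # assumed admin network (documentation range)
THRESHOLD = 5                    # assumed failures per source before flagging


def review(csv_text, allowlist=ALLOWLIST, threshold=THRESHOLD):
    """Return (finding, source_ip, account) tuples in log order."""
    nets = [ipaddress.ip_network(n) for n in allowlist]
    failures = Counter()
    findings = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        if row["LogonType"] not in ("3", "10"):
            continue  # only network / remote-interactive logons
        try:
            src = ipaddress.ip_address(row["IpAddress"])
        except ValueError:
            continue  # "-" or empty: no remote source recorded
        hit = (str(src), row["TargetUserName"])
        if row["EventID"] == "4625":
            failures[src] += 1
            if failures[src] == threshold:  # report each source once
                findings.append(("brute-force",) + hit)
        elif row["EventID"] == "4624":
            if not any(src in net for net in nets):
                findings.append(("logon-outside-allowlist",) + hit)
            if failures[src] >= threshold:
                findings.append(("success-after-failures",) + hit)
    return findings


if __name__ == "__main__":
    for finding in review(SAMPLE):
        print(*finding)
```

A "success-after-failures" finding on an administrator account is the case to investigate first, since it matches the weak-password compromise Kamluk describes.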

Source: Dhaka Tribune