Dive Brief:
-
Kaspersky Lab researchers say hackers have sold access to more than 170,000 compromised servers since 2014.
-
That’s a significant increase from last week’s report, in which Kaspersky researchers found more than 70,000 compromised servers for sale on a black market website called xDedic.
-
The researchers said U.S. data was for sale on the site for between $1,500 to $6,000, with especially high interest in servers that held accounting data, tax reporting and point-of-sale software.
Dive Insight:
After Kaspersky published the report saying it had found a black market website selling remote access to the 70,000 compromised servers last week, an anonymous hacker pointed the researchers to Pastebin lists of additional IP addresses for sale. Investigation of that information suggests that data from the hacked servers has been for sale on xDedic since 2014.
A third of the hacked servers—more than 60,000—were located in the United States, according to Kaspersky researchers. Unauthorized access to servers can threaten an entire enterprise, as malicious actors could exploit the data or, in some cases, even change it.
Today’s hackers often target servers in order to get at larger caches of data. In April, the FBI sent out a warning that a group of hackers "have compromised and stolen sensitive information from various government and commercial networks" since at least 2011.
In February, a bug hunter looking for vulnerabilities on Facebook’s server found a backdoor previously installed by hackers. The hackers that installed the backdoor reportedly downloaded the captured credentials and also regularly deleted the file containing the data. There was also evidence that they tried to map Facebook's internal network, log into other servers and search for SSL private keys.
