Kaspersky Lab researchers have investigated a global forum where cybercriminals can buy and sell access to compromised servers for as little as $6 each. The xDedic marketplace, which appears to be run by a Russian-speaking group, currently lists 70,624 hacked Remote Desktop Protocol (RDP) servers for sale. Many of the servers host or provide access to popular consumer websites and services and some have software installed for direct mail, financial accounting and Point-of-Sale (PoS) processing. They can be used to target the owners’ infrastructures or as a launch-pad for wider attacks, while the owners, including government entities, corporations and universities, have little or no idea of what’s happening.
New research by Kaspersky Lab and B2B International shows that in the last 12 months one in four Internet users had at least one of their online accounts hacked, leading to unauthorized messages being sent out in the user’s name, sometimes with a malicious link included, and the loss or theft of personal data. However, another study shows that, despite this, just 38% of consumers create strong passwords for every account and over half (57%) store passwords insecurely.