M'sia in top 10 countries compromised by sale of access to hacked servers
Published:  Jun 17, 2016 10:14 AM
Updated: 4:56 AM

Malaysia is in the top 10 list of countries compromised by a massive underground market selling access to more than 70,000 hacked servers across 173 countries.

It is also the most compromised country in Southeast Asia, with 2,140 hacked servers being offered for sale by the underground marketplace dubbed xDedic, according to Digital News Asia.

"It is all over the world, not just emerging countries – over 170 countries affected in different scales and proportions.

"Singapore, for example, is in 29th place with 743 servers being offered – Malaysia has 2,140 servers (10th place) and Indonesia has 459 servers (37th place)," Asia Pacific director of Kaspersky Lab’s Global Research and Analysis Team (GReAT) Vitaly Kamluk was quoted as saying.

The underground marketplace is run by a Russian-speaking group and sells server information and login passwords that can be used to control these hacked servers, it reported.

The compromised machines not only include servers from private users but also those from “many different government networks, ISPs (Internet service providers), telcos, universities, medical institutions, and many more".

"This is something we have never seen before in terms of scale – it is a professional service developed over many years.

“Our research shows it has been operational since 2014, with tech support, a message board and training (for users).

“It’s all based on credentials – they even have scan protection against fraudsters who want to sell fake server logins,” Kamluk was quoted as saying.

According to the report, the access credentials are for the Remote Desktop Protocol (RDP), which comes with Microsoft Windows.

It is disabled by default but can be enabled remotely by system administrators, Kamluk explained.

“What was surprising was the cost to purchase these access credentials was only US$6 to US$15.

“Imagine the pretty advanced hackers out there hunting for breaches in government, corporate or telco networks – with these services, cybercriminals can spend only up to US$10 to purchase the first launchpad into any country,” he was quoted as saying.

Kamluk said the xDedic website even explained what one could do upon gaining access to the server.

This includes registering accounts in banks, shops’ payment systems, and using someone else’s credit card to pay for the goods and deliver them, he said.

“Some servers had gambling software, which was probably used to launder money.

“These compromised servers can also be used for sending spam, and hosting trojans, viruses and backdoors.

“They can also be used as proxy servers or as a virtual private network (VPN) to hide your real IP (internet protocol) address,” he added.

Kamluk suggested several measures to prevent and minimise one's exposure to cyber crime.

The first would be to use a strong password, he said, adding that cyber criminals got into servers by leveraging on weak passwords on administrator accounts on RDP servers exposed to the internet.

"You should also consider if you really need RDP servers exposed to the internet. If you do, because of a business requirement, for example, you should whitelist IP addresses that can connect to the server.

“This would eliminate threats from brute-force attackers, as they won’t be able to find it in the first place,” he was quoted as saying.
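The hardening steps Kamluk describes above (check whether RDP needs to be exposed at all, and if so allow only known addresses to reach it, while slowing down password guessing on administrator accounts), as an added PowerShell example that is not from the article or from Kaspersky. It assumes an elevated session on the Windows server itself, the standard "Remote Desktop" inbound firewall rule group that Windows ships with, and a constructed allow-list of administrator addresses from the RFC 5737 documentation range that must be replaced with real ones.

```powershell
# Added example (not from the article): restrict inbound RDP (TCP 3389) to an
# allow-list of administrator addresses, and report whether RDP is enabled at all.
# Run in an elevated PowerShell session on the Windows server being hardened.
# The addresses below are constructed placeholders; replace them with your own.
$AllowedAdmins = @('203.0.113.10', '203.0.113.0/28')

# 1. Is RDP enabled? fDenyTSConnections = 1 means Remote Desktop is off,
#    which is the default the article refers to.
$ts = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server' `
                       -Name fDenyTSConnections
if ($ts.fDenyTSConnections -eq 1) {
    Write-Output 'RDP is disabled on this host; nothing is exposed.'
} else {
    Write-Output 'RDP is enabled; scoping it to the allow-list.'
}

# 2. Weak setting: the built-in "Remote Desktop" rules accept connections from
#    any remote address, so an internet-facing server is visible to every
#    brute-force scanner. This prints the current scope (typically 'Any').
Get-NetFirewallRule -DisplayGroup 'Remote Desktop' -Direction Inbound |
    Get-NetFirewallAddressFilter |
    Select-Object -ExpandProperty RemoteAddress

# 3. Corrected setting: keep the rules, but scope them to the allow-list, so RDP
#    still works for administrators and is unreachable from everywhere else.
Get-NetFirewallRule -DisplayGroup 'Remote Desktop' -Direction Inbound |
    Set-NetFirewallRule -RemoteAddress $AllowedAdmins

# 4. Slow down password guessing on any path that still reaches the host:
#    lock a local account for 15 minutes after 5 bad passwords in 15 minutes.
net accounts /lockoutthreshold:5 /lockoutduration:15 /lockoutwindow:15

# 5. Verify: every inbound Remote Desktop rule should now list only the allow-list.
Get-NetFirewallRule -DisplayGroup 'Remote Desktop' -Direction Inbound |
    ForEach-Object {
        $addr = ($_ | Get-NetFirewallAddressFilter).RemoteAddress -join ','
        '{0}: enabled={1} remote={2}' -f $_.DisplayName, $_.Enabled, $addr
    }
```

Scoping the existing rule group rather than writing a new one keeps the server's own RDP rules authoritative, so a later "enable Remote Desktop" click in the GUI does not silently reopen port 3389 to the world. On a domain-joined host the lockout values are normally set by group policy instead of `net accounts`, and the allow-list should cover any jump host or VPN egress address administrators actually connect from, otherwise the step locks them out along with the attackers.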

He also reminded users to patch their systems and run the latest versions of their server software.

Kamluk also recommended using endpoint protection to counter backdoors planted by attackers.

“These attackers… create a backdoor in your system to ensure even if the account is locked or expired, they can get access back to the server to create a new account.

"These backdoors can be detected by most antivirus solutions,” he was quoted as saying.
