Cybercriminals sell access to compromised corporate systems

A service discovered in the criminal underground is renting access to thousands of corporate servers that have been hacked through Windows software that lets people control computers remotely over the Internet. The service is renting access to nearly 17,000 computers that have been compromised through Microsoft's Remote Desktop Protocol, the blog KrebsonSecurity reported Monday.

Since the service was launched in 2010, apparently out of Russia, almost 300,000 computers worldwide have been available for rent.

Businesses use RDP to provide remote access to servers and desktops. The service, which uses the slogan, "The whole world is one service," takes advantage of weak usernames and passwords.

For example, Brian Krebs, the author of the blog, found a computer for rent from Fortune 100 company Cisco Systems. The credential assigned to the Windows Server 2003 system was username: Cisco; password: Cisco. The company confirmed the hacked server was in its network, but declined to provide details to Krebs.

Cybercriminals have sold a variety of hacker services in the underground for some time. Criminals rent networks of compromised PCs and tools for building the so-called botnets. They also open marketplaces for buying and selling credit and debit card, social security and bank account numbers.


The latest service is unusual because it rents compromised corporate systems. "This is the first time I've heard about providing a service with access to Fortune 500 companies," said Darren Hayes, a professor of computer science at Pace University and an expert in forensics and security.

Many of these services are based in Russia and other countries in which law enforcement does not have a cooperative relationship with U.S. authorities. The site is written in Russian and does not rent compromised servers from Russia, an indication that the service's owners want to avoid problems with police in the country.

"There's a lot of organized criminals in Russia who are hackers," Hayes said. "There's pictures of them online, and they don't hide. There's obviously been very little coordination or cooperation between U.S. and Russian authorities to tackle some of this organized crime."

The service charges new customers a $20 registration fee that is paid via WebMoney, a virtual currency, Krebs said. The price for each hacked server is based on a number of factors, including the speed of its processor, the number of cores, download and upload speeds and the amount of time the server has been continuously available online.

Hackers who sell the servers to the site are paid a commission and get to dictate how the systems are used, Krebs said. Some sellers may ban the systems' use in online gambling, PayPal or dating scams; and bar users from installing certain software.

Stuart McClure, chief executive, president and founder of security startup Cylance, expects cybercriminals to increasingly get in the business of renting space on hacked servers as the use of cloud computing grows. Systems used to provide software, infrastructure and application platforms as an Internet service are readymade for criminals who want to get into the illicit rental business.

"Most of the vulnerabilities you see in the corporate space today for this type of an attack to work are the same vulnerabilities you're going to find in the cloud," McClure said.

Stories by Antone Gonsalves
