The xDedic marketplace, which appears to be run by a Russian-speaking group, lists 70,624 hacked Remote Desktop Protocol (RDP) servers for sale, Kaspersky Lab said in a release.
Many of the servers host or provide access to popular consumer websites and services, and some have software installed for direct mail, financial accounting and Point-of-Sale processing.
The servers can be used to target their owners’ infrastructure or as a launch pad for wider attacks, while the owners, including government entities, corporations and universities, have little or no idea of what is happening.
xDedic is a powerful example of a new kind of cybercriminal marketplace: well organised and supported and offering everyone from entry-level cybercriminals to APT groups fast, cheap and easy access to legitimate organisational infrastructure that keeps their crimes below the radar for as long as possible.
The xDedic marketplace seems to have opened for business some time in 2014, and has grown significantly in popularity since the middle of 2015.
Last month it listed 70,624 servers from 173 countries for sale, posted in the names of 416 different sellers.
The top 10 countries affected are Brazil, China, Russia, India, Spain, Italy, France, Australia, South Africa and Malaysia.
Vietnam ranks 27th in the list with 841 servers hacked.
Kaspersky Lab has advised organisations to take measures that include installing a robust security solution as part of a comprehensive, multi-layered approach to IT security, enforcing the use of strong passwords as part of the server authentication process, implementing a continuous process of patch management, and undertaking a regular security audit of the IT infrastructure.