SecurityBrief New Zealand - Technology news for CISOs & cybersecurity decision-makers
New Zealand
Guides
#
cloud security
#
cybersecurity
#
endpoint protection
#
firewall
#
ransomware
Search
Story image
#
DDoS
#
Edge Data Centre
#
MarTech
Bulletproof hosting: why cyber crims can't live without it
Mon, 20th Jul 2015
FYI, this story is more than a year old
Author image
By Shannon Williams, Journalist
Follow us

Bulletproof hosting services (BPHS) is a critical component of cybercrime that is often overlooked, according to security experts Trend Micro, who says online criminals would not be able to operate without it.

The security firm says local law enforcement agencies usually turn a blind eye to BPHS because BPHS clients do not usually focus on targets in their home country.   Specialising in malicious, dangerous or illegal content, bulletproof hosters are home for sites that include a range of potentially harmful content, including fake goods, malware, exploits, C-C components, adult content and child exploitation - complete with customer service, Trend Micro says.   BPHS are hardware-, software- or application-based hosting facilities that can store any type of content and executable code, just like any regular hosting service.

Trend Micro says these types of servers can be used to host malicious content, such as phishing sites, pornography, fake shopping and carding sites, and even command-and-control (C-C) infrastructure.

“In short, it's the foundation by which major cybercriminal operations are built upon,” Trend Micro explains.

Trend Micro says its latest research aims to bring these hosting services to the public eye, offering a look into the more obscure details of cybercrime.

Through extensive research, Trend Micro says the most common malicious content hosted on BHPS consist of fake shopping sites, torrent file download sites, Blackhat SEO pseudo-sites, brute force tools, C-C components and more.

The Trend Micro research found BHPS providers' business models consist of three models: the dedicated bulletproof server model, in which the provider knowingly hosts malicious content; the compromised dedicated server, where the provider compromises dedicated legitimate servers and rents them out to malicious parties; and abused cloud-hosting services, where legitimate service providers are being used illegally.

Besides hosting malicious content, BHPS providers also earn revenue from other services, such as technical support, infrastructure migration, protection against DDoS attacks and more. Just like a legitimate server hosting practice, they provide supplementary services for their clients, Trend Micro explains.

The price of a hosting server depends on which business model the provider is using as well as the duration of usage. A dedicated server may cost around US$70 a month, while another can cost as much as US$5 for only one attack.

More details and in-depth analysis are available here.

Related stories
MotivationWorks upgrades cybersecurity with Radware
The rising threat of search engine ad abuse
TeKnowledge launch signals new era for global digital services
Rebuilding after ransomware – The case of The British Library
Snowflake's Data Clean Rooms now available after Samooha acquisition
Top stories
Business leaders anxious over data security – report
Half of online traffic in 2024 generated by bots, report finds
Cisco launches Hypershield for AI-driven security upgrade
Axis unveils hybrid cloud platform for adaptable security solutions
Spirent partners with online payments platform to boost cyber defenses