
Bulletproof hosting: why cyber crims can't live without it

20 Jul 15

Bulletproof hosting services (BPHS) are a critical component of cybercrime that is often overlooked, according to security experts at Trend Micro, who say online criminals would not be able to operate without them.

The security firm says local law enforcement agencies usually turn a blind eye to BPHS because BPHS clients do not usually focus on targets in their home country.
 
Specialising in malicious, dangerous or illegal content, bulletproof hosters are home to sites carrying a range of potentially harmful content, including fake goods, malware, exploits, C&C components, adult content and child exploitation - complete with customer service, Trend Micro says.
 
BPHS are hardware-, software- or application-based hosting facilities that can store any type of content and executable code, just like any regular hosting service. 

Trend Micro says these types of servers can be used to host malicious content, such as phishing sites, pornography, fake shopping and carding sites, and even command-and-control (C&C) infrastructure. 

“In short, it’s the foundation by which major cybercriminal operations are built upon,” Trend Micro explains.

Trend Micro says its latest research aims to bring these hosting services to the public eye, offering a look into the more obscure details of cybercrime. 

Based on extensive research, Trend Micro says the most common malicious content hosted on BPHS consists of fake shopping sites, torrent file download sites, Blackhat SEO pseudo-sites, brute force tools, C&C components and more.

The Trend Micro research found that BPHS providers operate under three business models: the dedicated bulletproof server model, in which the provider knowingly hosts malicious content; the compromised dedicated server, where the provider compromises dedicated legitimate servers and rents them out to malicious parties; and abused cloud-hosting services, where legitimate service providers are being used illegally.

Besides hosting malicious content, BPHS providers also earn revenue from other services, such as technical support, infrastructure migration, protection against DDoS attacks and more. Just like a legitimate server hosting practice, they provide supplementary services for their clients, Trend Micro explains.

The price of a hosting server depends on which business model the provider is using as well as the duration of usage. A dedicated server may cost around US$70 a month, while another can cost as much as US$5 for only one attack.

More details and in-depth analysis are available here.
 
