Story image

Bulletproof hosting: why cyber crims can't live without it

20 Jul 15

Bulletproof hosting services (BPHS) is a critical component of cybercrime that is often overlooked, according to security experts Trend Micro, who says online criminals would not be able to operate without it. 

The security firm says local law enforcement agencies usually turn a blind eye to BPHS because BPHS clients do not usually focus on targets in their home country.
 
Specialising in malicious, dangerous or illegal content, bulletproof hosters are home for sites that include a range of potentially harmful content, including fake goods, malware, exploits, C&C components, adult content and child exploitation - complete with customer service, Trend Micro says.
 
BPHS are hardware-, software- or application-based hosting facilities that can store any type of content and executable code, just like any regular hosting service. 

Trend Micro says these types of servers can be used to host malicious content, such as phishing sites, pornography, fake shopping and carding sites, and even command-and-control (C&C) infrastructure. 

“In short, it’s the foundation by which major cybercriminal operations are built upon,” Trend Micro explains.

Trend Micro says its latest research aims to bring these hosting services to the public eye, offering a look into the more obscure details of cybercrime. 

Through extensive research, Trend Micro says the most common malicious content hosted on BHPS consist of fake shopping sites, torrent file download sites, Blackhat SEO pseudo-sites, brute force tools, C&C components and more.

The Trend Micro research found BHPS providers’ business models consist of three models: the dedicated bulletproof server model, in which the provider knowingly hosts malicious content; the compromised dedicated server, where the provider compromises dedicated legitimate servers and rents them out to malicious parties; and abused cloud-hosting services, where legitimate service providers are being used illegally.

Besides hosting malicious content, BHPS providers also earn revenue from other services, such as technical support, infrastructure migration, protection against DDoS attacks and more. Just like a legitimate server hosting practice, they provide supplementary services for their clients, Trend Micro explains. 

The price of a hosting server depends on which business model the provider is using as well as the duration of usage. A dedicated server may cost around US$70 a month, while another can cost as much as US$5 for only one attack.

More details and in-depth analysis are available here.
 

DigiPlex’s data centre heat reuse system wins award
Its solution to reuse heat to warm thousands of local homes took out the accolade at the recent 2018 Energy Awards.
STT GDC to build hyperscale data centre in Singapore
ST Telemedia Global Data Centres (STT GDC) today unveiled ambitious plans for expansion with its largest data centre in Singapore to date.
Golden opportunities for enterprise e-waste reduction
E-waste is a hot topic in tech circles, and Park Place's EMEA MD believes there could be huge opportunities if data centres and enterprises improve their practices.
How Schneider Electric aims to simplify IT management
With IT Expert, Schneider Electric aims to ensure secure, vendor agnostic, wherever-you-go monitoring and visibility of all IoT-enabled physical infrastructure assets.
Pitfalls to avoid when configuring cloud firewalls
Flexibility and granularity of security controls is good but can still represent a risk for new cloud adopters that don’t recognise some of the configuration pitfalls.
Cisco dominates record-high Ethernet switch & router markets
While the market is flourishing, it’s tough-going as Cisco has increased its majority share of the pie.
Why total visibility is the key to zero trust
Over time, the basic zero trust model has evolved and matured into what Forrester calls the Zero Trust eXtended (ZTX) Ecosystem.
Gartner names Proofpoint Leader in enterprise information archiving
The report provides a detailed overview of the enterprise information archiving market and evaluates vendors based on completeness of vision and ability to execute.