Story image

Bulletproof hosting: why cyber crims can't live without it

20 Jul 2015

Bulletproof hosting services (BPHS) is a critical component of cybercrime that is often overlooked, according to security experts Trend Micro, who says online criminals would not be able to operate without it. 

The security firm says local law enforcement agencies usually turn a blind eye to BPHS because BPHS clients do not usually focus on targets in their home country.   Specialising in malicious, dangerous or illegal content, bulletproof hosters are home for sites that include a range of potentially harmful content, including fake goods, malware, exploits, C&C components, adult content and child exploitation - complete with customer service, Trend Micro says.   BPHS are hardware-, software- or application-based hosting facilities that can store any type of content and executable code, just like any regular hosting service. 

Trend Micro says these types of servers can be used to host malicious content, such as phishing sites, pornography, fake shopping and carding sites, and even command-and-control (C&C) infrastructure. 

“In short, it’s the foundation by which major cybercriminal operations are built upon,” Trend Micro explains.

Trend Micro says its latest research aims to bring these hosting services to the public eye, offering a look into the more obscure details of cybercrime. 

Through extensive research, Trend Micro says the most common malicious content hosted on BHPS consist of fake shopping sites, torrent file download sites, Blackhat SEO pseudo-sites, brute force tools, C&C components and more.

The Trend Micro research found BHPS providers’ business models consist of three models: the dedicated bulletproof server model, in which the provider knowingly hosts malicious content; the compromised dedicated server, where the provider compromises dedicated legitimate servers and rents them out to malicious parties; and abused cloud-hosting services, where legitimate service providers are being used illegally.

Besides hosting malicious content, BHPS providers also earn revenue from other services, such as technical support, infrastructure migration, protection against DDoS attacks and more. Just like a legitimate server hosting practice, they provide supplementary services for their clients, Trend Micro explains. 

The price of a hosting server depends on which business model the provider is using as well as the duration of usage. A dedicated server may cost around US$70 a month, while another can cost as much as US$5 for only one attack.

More details and in-depth analysis are available here.  

Orange Belgium opens 1,000 sqm Antwerp data centre
It consists of more than 500 high-density 52 unit racks, installed on the equivalent of 12 tennis courts.
Time to build tech on the automobile, not the horse and cart
Nutanix’s Jeff Smith believes one of the core problems of businesses struggling to digitally ‘transform’ lies in the infrastructure they use, the data centre.
Cloud providers increasingly jumping into gaming market
Aa number of major cloud service providers are uniquely placed to capitalise on the lucrative cloud gaming market.
Intel building US’s first exascale supercomputer
Intel and the Department of Energy are building potentially the world’s first exascale supercomputer, capable of a quintillion calculations per second.
NVIDIA announces enterprise servers optimised for data science
“The rapid adoption of T4 on the world’s most popular business servers signals the start of a new era in enterprise computing."
Unencrypted Gearbest database leaves over 1.5mil shoppers’ records exposed
Depending on the countries and information requirements, the data could give hackers access to online government portals, banking apps, and health insurance records.
Storage is all the rage, and SmartNICs are the key
Mellanox’s Kevin Deierling shares the results from a new survey that identifies the key role of the network in boosting data centre performance.
Opinion: Moving applications between cloud and data centre
OpsRamp's Bhanu Singh discusses the process of moving legacy systems and applications to the cloud, as well as pitfalls to avoid.