
Threat Intelligence

7/21/2020
12:10 PM
Dark Reading
Products and Releases

Trend Micro Research Uncovers the Business Infrastructure of Cybercrime

Turns out criminal businesses need hosting services and cybersecurity protections too.

DALLAS, July 21, 2020 – Trend Micro Incorporated (TYO: 4704; TSE: 4704), a global leader in cybersecurity solutions, today released new insights analyzing the market for underground hosting services and detailing how and where cybercriminals rent the infrastructure that hosts their business. This first report of a planned three-part series details the market for buying and selling these services, which are the backbone of every other aspect of the cybercriminal business model, whether that includes sending spam, communicating with a command and control server, or offering a help desk for ransomware.

Over the past five years, increased use and abuse of compromised assets has formed a whole new market. There are varied types of underground hosting and associated services used by cybercriminals to operate their businesses, including bulletproof hosting, virtual private networks (VPNs), anonymizers, and Distributed Denial of Service (DDoS) protection. Such services could variously be used to protect availability, maintain anonymity, disrupt forensics, obfuscate physical location, and enable IP spoofing, among other things.

“For over a decade, Trend Micro Research has dug into how cybercriminals think, as opposed to focusing only on what they do, which is critical when it comes to protecting against them,” said Robert McArdle, director of forward-looking threat research at Trend Micro. “Today we release the first of a three-part in-depth series on how these criminals approach their infrastructure needs, and the markets that exist for such commodities. We hope that providing law enforcement and other stakeholders with a go-to resource on this topic will help to further our collective mission of making the digital world a safer place.”

Cybercrime is a highly professional industry, with sales and advertisements leveraging legitimate marketing techniques and platforms, all driven by cost to some extent. For example, one advertisement was found for dedicated, compromised servers based in the US starting at just $3, rising to $6 with guaranteed availability for 12 hours. Although many of these services are traded on underground forums, some of which are invite-only, others are clearly advertised and sold via legitimate social media and messaging platforms such as Twitter, VK and Telegram.

In fact, the line between criminality and legitimate business behavior is increasingly difficult to discern. Some hosting providers have a legitimate clientele and advertise openly on the internet but may have resellers that sell exclusively to the criminal underground – either with or without the company's knowledge.

In the case of bulletproof hosters, which are more definitively linked to cybercrime, they are generally regular hosting providers trying to diversify their business to cater to the needs of specific customers. For a premium price, they’re prepared to push to the absolute limit of what the law allows and prosecutes in their local jurisdiction.

Understanding where and how these services are sold, and consequently impacting the cost of these sales, is arguably our best strategy to help make a lasting and repeatable dent in the cybercriminal underground market. Parts two and three of the series will further investigate the types of underground services and infrastructure offered, and the operational security and motivations of the actors who sell such services.

To read the complete first report, please visit: https://www.trendmicro.com/vinfo/us/security/news/cybercrime-and-digital-threats/hacker-infrastructure-and-underground-hosting-101-where-are-cybercriminal-platforms-offered.

About Trend Micro

Trend Micro Incorporated, a global leader in cybersecurity solutions, helps to make the world safe for exchanging digital information. Our innovative solutions for consumers, businesses, and governments provide layered security for data centers, cloud environments, networks, and endpoints. All our products work together to seamlessly share threat intelligence and provide a connected threat defense with centralized visibility and control, enabling better, faster protection. With more than 6,000 employees in over 50 countries and the world’s most advanced global threat intelligence, Trend Micro enables organizations to secure their journey to the cloud. For more information, visit www.trendmicro.com.

 

 
