Thursday, April 25, 2024

Trend Micro Research Reveals Top Tactics to Disrupt Underground Hosting Businesses


Trend Micro Incorporated released key ways to identify and disrupt criminal market operations to conclude a three-part report series on the underground hosting market. In the report, researchers outline the infrastructure business approaches of attackers to help security teams and law enforcement agencies best recognize, defend against, and disrupt them. Understanding criminal operations, motivations and business models is key to dismantling the bulletproof hosting industry on which the majority of global cybercrime is built. 

“Increasingly, mature organizations have SOC and XDR capabilities, which means security teams today have moved into the realm of also being investigators,” said Robert McArdle, director of forward-looking threat research at Trend Micro. “At that level of security sophistication, you need to understand how the criminals operate to strategically defend against attackers. We hope this report provides insight into cybercriminal operations that can prove actionable for organizations and ultimately make hosters lose profits.” 

Bulletproof hosters (BPH) are the root of cybercriminal infrastructure and therefore use a sophisticated business model to outlast takedown efforts. Features of that model include flexibility, professionalism, and a range of services that cater to an array of customer needs.

The report details several effective methods to help investigators identify underground hosters, including: 

  • Identify which IP ranges appear on public deny lists, or are associated with a large number of public abuse requests, as those may be indicative of BPH.
  • Analyze autonomous system behavior and peering information patterns to flag activity that is likely associated with BPH.
  • Once one BPH host has been detected, use machine fingerprinting to detect others that may be linked to the same provider. 
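
As an added illustration of the first method (not code from the Trend Micro report), the sketch below aggregates per-IP deny-list hits and abuse-report counts into per-prefix totals and flags the ranges that stand out. The sample data uses documentation address ranges and is constructed; the /24 grouping and both thresholds are assumptions to tune against your own feeds.

```python
import ipaddress
from collections import defaultdict

# Constructed sample data (documentation ranges, not real indicators).
DENYLISTED_IPS = [
    "198.51.100.4", "198.51.100.9", "198.51.100.23", "198.51.100.77",
    "198.51.100.130", "203.0.113.5", "192.0.2.200",
]
# Constructed abuse-report counts per IP.
ABUSE_REPORTS = {
    "198.51.100.4": 12, "198.51.100.9": 7, "198.51.100.200": 3,
    "203.0.113.5": 1, "192.0.2.17": 2,
}


def score_ranges(denylisted, abuse_reports, prefix_len=24):
    """Roll per-IP signals up into per-prefix totals."""
    stats = defaultdict(lambda: {"listed": set(), "reports": 0})
    for ip in denylisted:
        net = ipaddress.ip_network(f"{ip}/{prefix_len}", strict=False)
        stats[net]["listed"].add(ip)  # set: duplicate feed entries count once
    for ip, count in abuse_reports.items():
        net = ipaddress.ip_network(f"{ip}/{prefix_len}", strict=False)
        stats[net]["reports"] += count
    return {
        net: {
            "listed": len(s["listed"]),
            "reports": s["reports"],
            "density": len(s["listed"]) / net.num_addresses,
        }
        for net, s in stats.items()
    }


def flag_ranges(scores, min_listed=4, min_reports=10):
    """Return prefixes meeting either threshold (assumed values), worst first."""
    hits = [net for net, s in scores.items()
            if s["listed"] >= min_listed or s["reports"] >= min_reports]
    return sorted(hits,
                  key=lambda n: (scores[n]["listed"], scores[n]["reports"]),
                  reverse=True)


if __name__ == "__main__":
    scores = score_ranges(DENYLISTED_IPS, ABUSE_REPORTS)
    for net in flag_ranges(scores):
        print(net, scores[net])
```

A flagged prefix is a lead for further investigation, not proof of bulletproof hosting: shared hosting and compromised legitimate networks can also accumulate listings.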

The report also lists methods for law enforcement agencies and businesses to disrupt underground hosting businesses, without necessarily needing to identify or take down their servers. These include:

  • Submit properly documented abuse requests to the suspected underground hosting provider and upstream peers. 
  • Add BPH network ranges to well-established deny lists. 
  • Increase the operational costs of the BPH, to impair business stability. 
  • Undermine the reputation of the BPH on the cybercrime underground: perhaps via covert accounts that call into question the security of the criminal hosting provider or discuss possible collaboration with authorities. 