Express Computer
Home  »  News  »  Trend Micro Research Reveals Top Tactics to Disrupt Underground Hosting Businesses

Trend Micro Research Reveals Top Tactics to Disrupt Underground Hosting Businesses

0 25
Read Article

Trend Micro Incorporated recently released key ways to identify and disrupt criminal market operations to conclude a three-part report series on the underground hosting market. In the report, researchers outline the infrastructure business approaches of attackers to help security teams and law enforcement agencies best recognize, defend against, and disrupt them.

Understanding criminal operations, motivations and business models is key to dismantling the bulletproof hosting industry on which the majority of global cybercrime is built.

“Increasingly, mature organizations have SOC and XDR capabilities, which means security teams today have moved into the realm of also being investigators,” said Robert McArdle, director of forward-looking threat research at Trend Micro. “At that level of security sophistication, you need to understand how the criminals operate to strategically defend against attackers. We hope this report provides insight into cybercriminal operations that can prove actionable for organizations and ultimately make hosters lose profits.”

Bulletproof hosters (BPH) are the root of cybercriminal infrastructure and therefore use a sophisticated business model to outlast takedown efforts. These include flexibility, professionalism and offering a range of services to cater to an array of customer needs.

The report details several effective methods to help investigators identify underground hosters, including:

* Identify which IP ranges are in public block deny lists, or those associated with a large number of public abuse requests, as those may be indicative of BPH.
* Analyze autonomous system behavior and peering information patterns to flag activity that is likely associated to BPH.
* Once one BPH host has been detected, use machine fingerprinting to detect others that may be linked to the same provider.

The report also lists methods for law enforcement agencies and businesses to disrupt underground hosting businesses, without necessarily needing to identify or takedown their servers. These include:

  • Submit properly documented abuse requests to the suspected underground hosting provider and upstream peers
  •  Add BPH network ranges to well-established deny lists
  • Increase the operational costs of the BPH, to impair business stability
  • Undermine the reputation of the BPH on the cybercrime underground: perhaps via covert accounts that call into question the security of the criminal hosting provider or discuss possible collaboration with authorities

If you have an interesting article / experience / case study to share, please get in touch with us at [email protected]


Get real time updates directly on you device, subscribe now.

Subscribe to our newsletter
Sign up here to get the latest news, updates delivered directly to your inbox.
You can unsubscribe at any time

Leave A Reply

Your email address will not be published.

Virtual Conference

Leading the future for the connected world

The ability to adapt to new technologies while supporting critical systems requires a smart network infrastructure.
Know how to deliver a seamless customer experience from cable to cloud.
Register for Free