Trend Micro Research Uncovers The Business Infrastructure Of Cybercrime

July 22, 2020 - 10:41

Turns out criminal businesses need hosting services and cybersecurity protections too

 

HONG KONG, CHINA - Media OutReach - 22 July 2020 - Trend Micro Incorporated (TYO: 4704; TSE: 4704), the global leader in cloud security, today released new insights analyzing the market for underground hosting services and detailing how and where cybercriminals rent the infrastructure that hosts their business. This first report of a planned three-part series details the market for buying and selling these services, which are the backbone of every other aspect of the cybercriminal business model, whether that includes sending spam, communicating with a command and control server, or offering a help desk for ransomware.

 

Over the past five years, increased use and abuse of compromised assets has formed a whole new market. There are varied types of underground hosting and associated services used by cybercriminals to operate their businesses, including bulletproof hosting, virtual private networks (VPNs), anonymizers, and Distributed Denial of Service (DDoS) protection. Such services could variously be used to protect availability, maintain anonymity, disrupt forensics, obfuscate physical location, and enable IP spoofing, among other things.

 

"For over a decade, Trend Micro Research has dug into how cybercriminals think, as opposed to focusing only on what they do, which is critical when it comes to protecting against them," said Robert McArdle, director of forward-looking threat research at Trend Micro. "Today we release the first of three-part in-depth series on how these criminals approach their infrastructure needs, and the markets that exist for such commodities. We hope that providing law enforcement and other stakeholders with a go-to resource on this topic will help to further our collective mission of making the digital world a safer place."

 

Cybercrime is a highly professional industry, with sales and advertisements leveraging legitimate marketing techniques and platforms, all driven by cost to some extent. For example, one advertisement was found for dedicated, compromised servers based in the US starting at just $3, rising to $6 with guaranteed availability for 12 hours. Although many of these services are traded on underground forums, some of which are invite-only, others are clearly advertised and sold via legitimate social media and messaging platforms such as Twitter, VK and Telegram.

 

In fact, the line between criminality and legitimate business behavior is increasingly difficult to discern. Some hosting providers have a legitimate clientele and advertise openly on the internet but may have resellers that sell exclusively to the criminal underground -- either with or without the company's knowledge.

 

In the case of bulletproof hosters, which are more definitively linked to cybercrime, they are generally regular hosting providers trying to diversify their business to cater to the needs of specific customers. For a premium price, they're prepared to push to the absolute limit of what the law allows and prosecutes in their local jurisdiction.

 

Understanding where and how these services are sold, and consequently impacting the cost of these sales, is arguably our best strategy to help make a lasting and repeatable dent in the cybercriminal underground market. Parts two and three of the series will further investigate the types of underground services and infrastructure offered, and the operational security and motivations of the actors who sell such services.

 

To read the complete first report, please visit: https://www.trendmicro.com/vinfo/hk/security/news/cybercrime-and-digital-threats/hacker-infrastructure-and-underground-hosting-101-where-are-cybercriminal-platforms-offered  


About Trend Micro

Trend Micro Incorporated, a global leader in cybersecurity solutions, helps to make the world safe for exchanging digital information. Our innovative solutions for consumers, businesses, and governments provide layered security for data centers, cloud environments, networks, and endpoints. All our products work together to seamlessly share threat intelligence and provide a connected threat defense with centralized visibility and control, enabling better, faster protection. With more than 6,000 employees in over 50 countries and the world's most advanced global threat intelligence, Trend Micro secures your connected world. For more information, visit www.trendmicro.com.hk.
