Threat correlation and visibility creates effective means to render cybercrime profitless
HONGKONG, CHINA - Media OutReach - 13 October2020 - Trend Micro Incorporated (TYO: 4704; TSE: 4704), the leader in cloud security, today released key ways to identify anddisrupt criminal market operations to conclude a three-part report series onthe underground hosting market. In the report, researchers outline theinfrastructure business approaches of attackers to help security teams and lawenforcement agencies best recognize, defend against, and disrupt them.
Understanding criminal operations, motivations andbusiness models is key to dismantling the bulletproof hosting industry on whichthe majority of global cybercrime is built.
"Increasingly, mature organizations have SOC andXDR capabilities, which means security teams today have moved into the realm ofalso being investigators," said Robert McArdle, director of forward-lookingthreat research at Trend Micro. "At that level of security sophistication, youneed to understand how the criminals operate to strategically defend againstattackers. We hope this report provides insight into cybercriminal operationsthat can prove actionable for organizations and ultimately make hosters loseprofits."
Bulletproof hosters (BPH) are the root ofcybercriminal infrastructure and therefore use a sophisticated business modelto outlast takedown efforts. These include flexibility, professionalism andoffering a range of services to cater to an array of customer needs.
The report details several effective methods tohelp investigators identify underground hosters, including:
- Identify whichIP ranges are in public block deny lists, or those associated with a largenumber of public abuse requests, as those may be indicative of BPH.
- Analyze autonomous system behavior and peeringinformation patterns to flag activity that is likely associated to BPH.
- Once one BPH host has been detected,use machine fingerprinting to detect others that may be linked to the sameprovider.
The report also lists methods for law enforcementagencies and businesses to disrupt underground hosting businesses, withoutnecessarily needing to identify or takedown their servers. These include:
- Submit properly documented abuserequests to the suspected underground hosting provider and upstream peers.
- Add BPH network ranges towell-established deny lists.
- Increase the operational costs of theBPH, to impair business stability.
- Undermine thereputation of the BPH on the cybercrime underground: perhaps via covert accounts that call intoquestion the security of the criminal hosting provider or discuss possiblecollaboration with authorities.
To read the full report, please visit: https://www.trendmicro.com/vinfo/hk/security/news/cybercrime-and-digital-threats/inside-the-bulletproof-hosting-business-cybercrime-methods-opsec.
About Trend Micro
Trend Micro, aglobal leader in cybersecurity, helps make the world safe for exchangingdigital information. Leveraging over 30 years of security expertise, globalthreat research, and continuous innovation, Trend Micro enables resilience forbusinesses, governments, and consumers with connected solutions across cloudworkloads, endpoints, email, IIoT, and networks. Our XGen™ security strategypowers our solutions with a cross-generational blend of threat-defensetechniques that are optimized for key environments and leverage shared threatintelligence for better, faster protection. With over 6,700 employees in 65countries, and the world's most advanced global threat research andintelligence, Trend Micro enables organizations to secure their connected world www.trendmicro.com.hk.