There are many facets to a cybercriminal operation, and one of them that is often overlooked—but is no less significant—is the hosting servers from which they launch their attacks. Commonly known in the industry as Bulletproof Hosting Servers (BPHS), these are hardware-, software- or application-based hosting facilities that can store any type of content and executable code, just like any regular hosting service. What makes them different? These types of servers can be used to host malicious content, such as phishing sites, pornography, fake shopping and carding sites, and even command-and-control (C&C) infrastructure. In short, it’s the foundation by which major cybercriminal operations are built upon..
This latest research aims to bring these hosting services to the public eye, offering a look into the more obscure details of cybercrime. Specifically, it seeks to answer the following questions:
- What malicious content is most commonly hosted with these services
- What are the business models being used by BPHS providers
- How BPHS providers stay in business
- How much do BPHS services cost for the common cybercriminal
Through extensive research, we are able to provide the following answers:
- The most common malicious content hosted on BPHS consist of fake shopping sites, torrent file download sites, Blackhat SEO pseudo-sites, brute force tools, C&C components and more.
- BPHS providers’ business models consist of three models: a.) the dedicated bulletproof server model, in which the provider knowingly hosts malicious content; b.) the compromised dedicated server, where the provider compromises dedicated legitimate servers and rents them out to malicious parties, and c.) abused cloud-hosting services, where legitimate service providers are being used illegally.
- Besides hosting malicious content, BPHS providers also earn revenue from other services, such as technical support, infrastructure migration, protection against DDoS attacks and more. Just like a legitimate server hosting practice, they provide supplementary services for their clients.
- The price of a hosting server depends on which business model the provider is using as well as the duration of usage. A dedicated server may cost around US$70 a month, while another can cost as much as US$5 for only one attack.
More details and in-depth analysis are available in the full paper, Cybercriminal Hideouts for Lease: BulletProof Hosting Services.
Like it? Add this infographic to your site:
1. Click on the box below. 2. Press Ctrl+A to select all. 3. Press Ctrl+C to copy. 4. Paste the code into your page (Ctrl+V).
Image will appear the same size as you see above.
- Ransomware Spotlight: Trigona
- Steering Clear of Security Blind Spots: What SOCs Need to Know
- Understanding the Kubernetes Security Triad: Image Scanning, Admission Controllers, and Runtime Security
- Preempting Threats to Connected Cars: The Importance of Cybersecurity in a Data-Driven Automotive Ecosystem
- Your Stolen Data for Sale