Bulletproof hosting services, which thrive in countries with relaxed cybercrime laws and enforcement, enable cybercriminals to stand up the infrastructure necessary to support their malicious activities. To protect against threats originating from domains hosted in these regions, CISOs have implemented blocking strategies and aligned security teams accordingly.
The latest research findings from Symantec’s DeepSight Managed Adversary and Threat Intelligence (MATI) team, however, might influence this defensive strategy. Symantec’s MATI team of intelligence analysts and collectors is dedicated to understanding the adversary ecosystem and to providing insightful reports on adversaries, including their plans, tactics, tools, and attack campaigns, so that customers can better prepare for, identify, and disrupt their activities.
In a recent report, the team presented the following findings:
- An increase in advertisements on Russian-language cybercrime forums for bulletproof hosting services that use servers and data centers in the Middle East and North Africa region (MENA), specifically Turkey, Lebanon, Egypt, and Iran.
- Advertised prices for bulletproof hosting that are lower in MENA region data centers when compared to costs for similar services in other regions.
- The number of malware samples connecting to infrastructure in Turkey, Iran, and Egypt – three countries that MATI observed being heavily advertised – for the first two quarters of 2016 surpassed identified activity in 2015.
The increase in MENA-based bulletproof hosting parallels a rise in data center and cloud traffic growth throughout that region. According to recent global Internet studies, traffic in the MENA region is expected to keep growing at a rate of nearly 50% by 2019.
What does this mean for security and technology leaders?
As security plans are formed and resources allocated, IT leaders may want to take a look at their operations and consider the following options:
- Include the DeepSight team’s MENA-based malicious IP addresses and domains in existing alerts, blocking policies and processes.
- Examine the nature of hosting organizations when seeking facilities in MENA region countries. Review the MATI team’s known nefarious MENA-based bulletproof hosting operations when entering new markets or introducing new technologies into the corporate ecosystem.
- Ensure adequate resources are in place to understand and identify possible threats originating from the MENA region. Focus on threats that pose a risk to the confidentiality, integrity, and availability of mission-critical assets and resources.
Stay Tuned
Research into this emerging threat in MENA is just beginning. Check back in the coming weeks for more on what the MATI team uncovers on bulletproof hosting in MENA countries.
Get More Insights
To learn more, visit the DeepSight Adversary Intelligence page to download a sample intelligence report and understand how we develop insights into changes in the threat environment.
Also, visit us at booth #523 on August 3rd and 4th at the Black Hat Conference.