EclecticIQ
The Dark Side of Web Hosting Services

What you need to know about bulletproof hosting services

EclecticIQ Threat Research Team February 22, 2022

While the latest cyber exploits grab headlines, a less-dramatic side of threat activity also deserves attention: bulletproof hosting services (BPHS). These providers specialize in resilient internet hosting, which is valuable to cyber criminals who want to avoid regulatory and legal scrutiny. They enable their customers to host data and services that would be disallowed by other providers or could be easily removed by law enforcement.

Gaining real-time insights into BPHS can help your security team better understand – and counter – potential threats.

Threat actors need hosting services, too 

Just as legitimate organizations depend on web hosting to store web content and provide internet connectivity, many cybercriminals need third-party infrastructure and services to host malicious websites, content, exploits, and other activities.  

To meet this need, BPHS operators deliver web hosting services with a twist: they help customers maintain anonymity and avoid takedowns by regulators and law enforcement agencies.  

To do this, hosting providers may: 

  • Physically locate their servers in countries with fewer laws and regulations about the type of content they host, and less-strict extradition laws. For example, some underground actors perceive the Netherlands or Luxembourg as a “safe” place to host gambling-related content.
  • Bribe officials to shield themselves from regulatory action.
  • Take a “don’t ask, don’t tell” approach to customer content and activities hosted on their site.
  • Provide early notifications of takedown requests so customers have time to move their operations and avoid downtime.
  • Support anonymous cryptocurrency payments such as Ethereum, Monero, Bitcoin, or Zcash.

These strategies can make it difficult to investigate and prosecute BPHS operators, particularly when they distribute their assets and operations across several countries. However, occasionally they are charged, apprehended, or extradited. In one case, four Russian nationals pleaded guilty to operating a BPHS that provided hosting and command and control (C&C) servers for malware including Zeus, SpyEye, Citadel, and Blackhole. They were extradited to the United States, where they received various jail sentences from the U.S. Department of Justice.  

BPHS operators face competition, customer expectations

Despite their focus on anonymity and evading regulators, BPHS providers mirror their mainstream peers in multiple ways. They face stiff competition that requires advertising, and they often provide customers with value-added features like hosting plans, service tiers, and guarantees. Typical services include: 

  • DoS protection
  • Backup plans
  • Domain name registration
  • Virtual private servers (VPS) or virtual dedicated servers (VDS)
  • 24/7 technical support

One of the competitive differentiators among BPHS providers is the type of infrastructure arrangement they use. There are three primary models: 

  1. Developing a privately owned, in-house/custom data center. Because this type of infrastructure is built specifically for hosting malicious and illegal content, it delivers the highest level of availability and anonymity. From the viewpoint of criminals, a hosting provider with physical control of its infrastructure represents greater security and availability. (One of the most famous BPHS providers of this type was CyberBunker.)
  2. Leasing commercial infrastructure for an extended period. Some providers lease infrastructure from larger legitimate providers and resell it on the cybercriminal market. They hide customers’ malicious traffic within legitimate network traffic. 
  3. Reselling compromised assets. Some BPHS operators run their service on infected servers whose owners are unaware of having been compromised. This model is usually viable for only a limited time because the legitimate owners may discover the breach of their systems. Criminals typically use this type of BPHS for short-term activities like spam distribution, mass scanning, brute-forcing, or hosting of reverse proxies.

Why you should care about BPHS 

Although its extent is hard to quantify, most security experts believe bulletproof hosting supports a significant portion of cybercrime. That’s why it’s important for security teams to learn about BPHS providers, their infrastructure, and how they operate. This knowledge can help your team devise ways to defend against threats launched from BPHS sites.  

EclecticIQ recently enhanced its Commercial Sources Feed for EclecticIQ Intelligence Center with exclusive data on cybercriminal infrastructure (IP addresses, domain names, etc.) tied to BPHS providers. This gives our customers a contextual weapon in their arsenal to block attackers instead of having to rely on IP reputation scores. And knowing that a domain is hosted on a service that caters to criminals helps SOC analysts in making a better judgment while assessing incidents or alerts. 
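To illustrate the kind of context-based triage described above, here is an added example (not EclecticIQ code and not the format of its feed) that tags an alert's IP address with bulletproof-hosting context. The feed layout, field names, provider labels and the per-model policy are assumptions made for this sketch; the three model names follow the infrastructure arrangements listed earlier, and the addresses are documentation ranges.

```python
import ipaddress
from datetime import date

# Constructed sample feed (RFC 5737 documentation ranges, not real BPHS data).
BPHS_FEED = [
    {"cidr": "192.0.2.0/24", "provider": "example-bphs-a",
     "model": "owned", "last_seen": date(2022, 2, 1)},
    {"cidr": "198.51.100.0/25", "provider": "example-bphs-b",
     "model": "leased", "last_seen": date(2022, 1, 20)},
    {"cidr": "203.0.113.17/32", "provider": "example-bphs-c",
     "model": "compromised", "last_seen": date(2021, 11, 3)},
]

# Assumed policy: (action, maximum age in days before the entry is stale).
# Owned ranges exist only for abuse, so blocking is low-risk. Leased ranges
# sit inside legitimate providers and compromised hosts are short-lived, so
# both are escalated to an analyst, with a short shelf life for the latter.
POLICY = {"owned": ("block", 365),
          "leased": ("escalate", 90),
          "compromised": ("escalate", 30)}


def enrich(ip, today, feed=BPHS_FEED):
    """Return BPHS context for one IP, using the most specific matching range."""
    addr = ipaddress.ip_address(ip)
    best = None
    for entry in feed:
        net = ipaddress.ip_network(entry["cidr"])
        if addr.version == net.version and addr in net:
            if best is None or net.prefixlen > best[0].prefixlen:
                best = (net, entry)
    if best is None:
        return {"ip": ip, "bphs": False, "action": "triage-as-usual"}
    net, entry = best
    action, max_age = POLICY[entry["model"]]
    age_days = (today - entry["last_seen"]).days
    if age_days > max_age:
        action = "review-stale"  # sighting too old to act on automatically
    return {"ip": ip, "bphs": True, "range": str(net),
            "provider": entry["provider"], "model": entry["model"],
            "age_days": age_days, "action": action}


if __name__ == "__main__":
    for ip in ("192.0.2.44", "198.51.100.10", "198.51.100.200", "203.0.113.17"):
        print(enrich(ip, date(2022, 2, 22)))
```

The staleness check matters most for the compromised-asset model, where the legitimate owner may already have cleaned the host and a stale block would hit innocent traffic.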

Want to know more?

Contact us for details about this unique source of insights into the world of bulletproof hosting.

© 2014 – 2022 EclecticIQ B.V.