The Hacker Infrastructure and Underground Hosting: An Overview of the Cybercriminal Market

The Hacker Infrastructure and Underground Hosting: An Overview of the Cybercriminal Market

Underground Hosting Series

This paper is the first of a three-part series that aims to cover the broad topic of underground infrastructures. It has been over five years since we published an article on underground hosting, and the situation regarding its infrastructure has changed significantly, as did the tools used by threat actors. We have noticed that a certain type of threat actor is now extensively using cloud services in their attack toolchain, along with widely abused “free” services such as free DNS domains, free content hosting abuse, and social networks.

The use and abuse of compromised assets have also become more significant. Acquisition, analysis, and resale of compromised assets formed a whole new market in the underground. Compromised asset analysis, wherein criminal experts examine the compromised assets and identify the best possible ways to monetize the system, is now an essential part of the attack chain.

    Fill the form to know more

    (mandatory) By downloading this content, you expressly opt-in and give consent for your name and contact information to be shared with Trend Micro who may contact you regarding the content. I agree to communications and processing of personal data according to Trend Micro’s privacy policy.