RiskAnalytics Analyzes Crimeware Hosted on Dark Cloud Network
New report from RiskAnalytics' Threat Intelligence Team details malware and crimeware seen utilizing fast flux infrastructure
LEAWOOD, Kan., June 8, 2016 /PRNewswire-USNewswire/ -- RiskAnalytics, a leading provider of security solutions for mid-market enterprises, today released a new report describing crimeware using a fast flux botnet that has spread globally. Fast flux botnets provide criminals with a black market cloud hosting environment built on resources from infected computers. Over the past 6 months, the threat intelligence team at RiskAnalytics closely tracked this particular botnet and identified a number of crimeware campaigns that operate within it.
"The botnet consists of thousands of infected endpoints -- mostly broadband subscribers in Eastern Europe," said Noah Dunker, Director of Security Labs at RiskAnalytics. "It's a highly functional network, practically a black market version of commercial cloud and content delivery networks. Some of the systems are used for ransomware campaigns and others provide dynamic scaled content delivery, hosting malware and carder sites."
Over the course of the research, RiskAnalytics' research team discovered that:
- A fast flux proxy network is actively being used in several targeted or global crimeware campaigns.
- The network uses fast flux and reverse proxies to provide bulletproof hosting services.
- Thousands of systems are participating in this unusually complex botnet arrangement driven by crimeware -- malicious code designed to facilitate fraud, identity theft, ransomware and other illegal activity.
- Users of the infected endpoints could be unaware that their systems are participating in this botnet.
- The infrastructure is used by botnets, spambots, click fraud, credential stealers, ransomware and trojans.
- Websites selling stolen credit card data -- carder sites -- have been using the network for years.
In the campaigns analyzed, IP addresses in Ukraine host most of this fast flux proxy infrastructure, almost 84% of it. Russia hosts 12% and Romania hosts 3%, with a small mix of other countries accounting for the rest.
"This research affirms what our automated systems and team discover on a daily basis as we strive to protect our clients. Crimeware is alive and thriving because of networks that hide the source of criminal activity behind a myriad of IP addresses and domains," said Wayne Crowder, Director of Threat Intelligence at RiskAnalytics.
The threat intelligence team at RiskAnalytics has published its initial research findings in this report, "Dark Cloud Network Facilitates Crimeware," and plans to continue its research in order to uncover and further expose the mechanics and scope of this threat.
For more information on this report, visit: https://www.riskanalytics.com.
About RiskAnalytics
RiskAnalytics provides mid-sized enterprises with proactive cyber risk management and security. Through our managed service model, we increase the efficiency of existing tools, applications and devices on the network by eliminating high volumes of nefarious and unwanted inbound and outbound traffic. RiskAnalytics makes threat intelligence more accessible to mid-market enterprises and mechanizes manual, human-intensive threat response processes, allowing them to focus limited security resources on proactive cyber security strategies and training. By integrating employee training and policy compliance into a single, easy-to-use platform, RiskAnalytics can reduce employee mistakes that allow criminals to bypass technical security controls. For more information, please visit: www.riskanalytics.com.
SOURCE RiskAnalytics