8th April, 2019
1 Min read
Book a Demo
A threat group with possible connections to the operators of the notorious Necurs botnet has employed what security vendor Bromium this week described as an Amazon-style fulfillment model to host and distribute malware on behalf of other cybercriminals.
Reduce your AWS costs by over 50%
Discover your Cloud Saving Potential – Answer just 5 simple questions. AppsFlyer, Playtika, Lufthansa, IBM, top leading companies are already using our FinOps services.
The group is using a collection of more than one dozen US-based servers to help attackers distribute a variety of ransomware, banking Trojans, and other malware to targets located mostly within the country.
The IP addresses of the hosting servers belong to a single autonomous system — or range of IP addresses — registered with a so-called “bulletproof” hosting company in the US. Eleven of the servers hosting malware are located in a single data center in Nevada belonging to the company.
Typically, malware hosting servers are located in jurisdictions known to be uncooperative with law enforcement. The fact that this particular group is operating from within the US using a highly consolidated set of servers is significant, says a malware researcher at Bromium, who did not wish to be identified.
Read more: Dark Reading
Schedule a call with our experts. Discover new technology and get recommendations to improve your performance.