Proofpoint Inc. researchers found a new traffic distribution system known as BlackTDS, which the vendor says is being advertised on the dark web. What is a traffic distribution system and what should enterprise security teams know about BlackTDS?
One key aspect of phishing attacks or other cyberattacks is the way web hosting is used to distribute malware or to host web-based content, such as phishing pages or advertising. Botnets are often used to host this content; however, doing so adds to the complexity of managing the botnet and directing the compromised systems to access the botnet's content.
As malware attacks have become increasingly segmented across the attack lifecycle, a malicious actor need only assemble the pieces of an attack from multiple sources, so the emergence of a cloud-style service for this was inevitable. This approach to hosting malicious content is an extension of bulletproof hosting, an approach to content distribution in which malware campaigns use servers in locations where it is difficult to take down malicious websites.
Proofpoint recently discovered a new approach to distributing malicious content called BlackTDS, a multi-tenant traffic distribution system (TDS) that is used to distribute malware exploit kits, malicious advertising and the domain names of malicious hosts. A TDS is also capable of detecting when it is being investigated and can block security researchers from taking it down.
Like other TDSes, BlackTDS also has the ability to redirect web browsers to third-party sites for the next step in an attack. Enterprise security teams should know that BlackTDS is used for distribution of malware, and teams should ensure that their security tools include updated threat intelligence to guarantee malicious network connections are identified and blocked.
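As an added illustration of the detection advice above (this is example code, not Proofpoint's research or anything from the original page), the script below reconstructs per-client HTTP redirect chains from proxy log lines and flags chains that pass through a host on a threat-intelligence list or that hop more times than expected. The log format, the hostnames and the intelligence list are all constructed placeholders.

```python
import re
from urllib.parse import urlsplit

# Constructed sample proxy log lines (not from the original page). Each line is
# "timestamp client_ip status url location", with "-" when there is no redirect.
SAMPLE_LOG = """\
2018-03-20T10:00:01Z 10.0.0.5 302 http://news-site.example/article http://gate.tds-example.invalid/go
2018-03-20T10:00:02Z 10.0.0.5 302 http://gate.tds-example.invalid/go http://cdn.third-party.example/ad.js
2018-03-20T10:00:03Z 10.0.0.5 200 http://cdn.third-party.example/ad.js -
2018-03-20T10:05:00Z 10.0.0.7 302 http://shop.example/item http://shop.example/item?ref=1
2018-03-20T10:05:01Z 10.0.0.7 200 http://shop.example/item?ref=1 -
"""

# Placeholder threat-intelligence feed of known TDS gateway hosts (constructed).
THREAT_INTEL = {"gate.tds-example.invalid"}

LINE_RE = re.compile(r"^(\S+) (\S+) (\d{3}) (\S+) (\S+)$")


def parse_line(line):
    """Parse one log line into a dict, or return None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts, client, status, url, location = m.groups()
    return {"ts": ts, "client": client, "status": int(status),
            "url": url, "location": None if location == "-" else location}


def build_chains(log_text):
    """Group each client's consecutive redirects into (client, [url, ...]) chains."""
    finished, open_chain = [], {}
    for raw in log_text.splitlines():
        rec = parse_line(raw)
        if rec is None:
            continue
        chain = open_chain.get(rec["client"])
        # Start a new chain unless this request is where the previous hop sent us.
        if chain is None or chain[-1] != rec["url"]:
            if chain is not None:
                finished.append((rec["client"], chain))
            chain = [rec["url"]]
            open_chain[rec["client"]] = chain
        if rec["location"] and 300 <= rec["status"] < 400:
            chain.append(rec["location"])
        else:  # a non-redirect response terminates the chain
            finished.append((rec["client"], chain))
            del open_chain[rec["client"]]
    finished.extend(open_chain.items())
    return finished


def flag_chains(chains, intel, max_hops=2):
    """Return alerts for chains touching an intel host or exceeding max_hops."""
    alerts = []
    for client, chain in chains:
        hosts = [urlsplit(u).hostname for u in chain]
        hits = sorted(h for h in hosts if h in intel)
        hops = len(chain) - 1
        if hits or hops > max_hops:
            alerts.append({"client": client, "hops": hops,
                           "intel_hits": hits, "chain": chain})
    return alerts
```

Running `flag_chains(build_chains(SAMPLE_LOG), THREAT_INTEL)` reports the first client's three-URL chain because its middle hop is on the list, while the second client's ordinary single redirect produces no alert.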
Related Q&A from Nick Lewis