Proofpoint Inc. researchers found a new traffic distribution system known as BlackTDS, which the vendor says is being advertised on the dark web. What is a traffic distribution system and what should enterprise security teams know about BlackTDS?
One key aspect of phishing attacks or other cyberattacks is the way web hosting is used to distribute malware or to host web-based content, such as phishing pages or advertising. Botnets are often used to host this content; however, doing so adds to the complexity of managing the botnet and directing the compromised systems to access the botnet's content.
With the continued segmentation of the attack lifecycle, a malicious actor need only assemble the pieces of an attack from multiple different sources, so the development of a cloud service for this was inevitable. This approach to hosting malicious content is an extension of bulletproof hosting, an approach to content distribution where malware campaigns use servers in locations where it is difficult to take down malicious websites.
Proofpoint recently discovered a new approach to distributing malicious content called BlackTDS, a multi-tenant traffic distribution system (TDS) that is used to distribute malware exploit kits, malicious advertising and the domain names of malicious hosts. A TDS is also capable of detecting when it is being investigated and can block security researchers from taking it down.
Like other TDSes, BlackTDS also has the ability to redirect web browsers to third-party sites for the next step in an attack. Enterprise security teams should know that BlackTDS is used for distribution of malware, and teams should ensure that their security tools include updated threat intelligence to guarantee malicious network connections are identified and blocked.
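As an added illustration (not from Proofpoint or the original article), the sketch below applies a threat-intelligence domain list to proxy logs and reports, per client, the listed TDS host contacted, the site that redirected the client to it, and the third-party host the TDS redirected to next. The log layout, the `example.*` domain names and the function names are constructed assumptions.

```python
from urllib.parse import urlsplit

# Constructed sample data: one threat-intel domain and a few proxy log records.
INTEL_DOMAINS = {"tds.example.net"}
PROXY_LOG = [
    # (client IP, requested URL, HTTP status, Location header or "")
    ("10.0.0.5", "http://news.example.org/story", 302, "http://tds.example.net/r?k=1"),
    ("10.0.0.5", "http://tds.example.net/r?k=1", 302, "http://landing.example.com/update"),
    ("10.0.0.5", "http://landing.example.com/update", 200, ""),
    ("10.0.0.9", "http://intranet.example.org/", 200, ""),
    ("10.0.0.7", "http://sub.tds.example.net/r?k=2", 302, "http://other.example.com/x"),
]

def host(url):
    """Lower-cased hostname of a URL, or "" if there is none."""
    return (urlsplit(url).hostname or "").lower()

def listed(h, intel):
    """True if h is an intel domain or a subdomain of one."""
    return any(h == d or h.endswith("." + d) for d in intel)

def trace_tds_hits(log, intel):
    """Map each affected client to the listed, upstream and downstream hosts seen."""
    findings = {}
    for client, url, status, location in log:
        src = host(url)
        dst = host(location) if 300 <= status < 400 and location else ""
        if not (listed(src, intel) or listed(dst, intel)):
            continue
        f = findings.setdefault(client, {"listed": set(), "upstream": set(), "downstream": set()})
        if listed(src, intel):
            f["listed"].add(src)
            if dst and not listed(dst, intel):
                f["downstream"].add(dst)  # next step the TDS redirected to
        if listed(dst, intel):
            f["listed"].add(dst)
            if not listed(src, intel):
                f["upstream"].add(src)    # site that sent the browser to the TDS
    return findings

if __name__ == "__main__":
    for client, f in sorted(trace_tds_hits(PROXY_LOG, INTEL_DOMAINS).items()):
        print(client, {k: sorted(v) for k, v in f.items()})
```

The downstream hosts are candidates for blocking and investigation even when they are not yet in the feed, and the upstream hosts indicate where users are being exposed to the redirect.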