Brian Jackson - Fotolia
Proofpoint Inc. researchers found a new traffic distribution system known as BlackTDS, which the vendor says is being advertised on the dark web. What is a traffic distribution system and what should enterprise security teams know about BlackTDS?
One key aspect of phishing attacks or other cyberattacks is the way web hosting is used to distribute malware or to host web-based content, such as phishing pages or advertising. Botnets are often used to host this content; however, doing so adds to the complexity of managing the botnet and directing the compromised systems to access the botnet's content.
With the continued segmentation of malware attacks in an attack's lifecycle, a malicious actor need only assemble pieces of the attack from multiple different sources, as the development of a cloud service for this was inevitable. This approach to hosting malicious content is an extension of bulletproof hosting, an approach to content distribution where malware campaigns use servers in locations where it is difficult to take down malicious websites.
Proofpoint recently discovered a new approach to distributing malicious content called BlackTDS, a multi-tenant traffic distribution system (TDS) that is used to distribute malware exploit kits, malicious advertising and the domain names of malicious hosts. A TDS is also capable of detecting when it is being investigated and can block security researchers from taking it down.
Like other TDSes, BlackTDS also has the ability to redirect web browsers to third-party sites for the next step in an attack. Enterprise security teams should know that BlackTDS is used for distribution of malware, and teams should ensure that their security tools include updated threat intelligence to guarantee malicious network connections are identified and blocked.
Ask the expert:
Have a question about enterprise threats? Send it via email today. (All questions are anonymous.)
Dig Deeper on Malware, virus, Trojan and spyware protection and removal
Related Q&A from Nick Lewis
Enterprises new to the cloud can write new security policies from scratch, but others with broad cloud usage may need an update. Consider these ... Continue Reading
Cloud security providers need to play catch-up with the evolving advancements in cloud technology. Find out what the top CSPs offer today and which ... Continue Reading
Cloud security certifications serve to bolster security professionals' resumes and boost value to employers. Learn about the top certifications ... Continue Reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.