
BlackTDS: How can enterprise security teams avoid an attack?

Proofpoint researchers found an evolution of bulletproof hosting, BlackTDS, which is believed to be advertised on the dark web. Learn what security teams should know with Nick Lewis.

Proofpoint Inc. researchers found a new traffic distribution system known as BlackTDS, which the vendor says is being advertised on the dark web. What is a traffic distribution system and what should enterprise security teams know about BlackTDS?

One key aspect of phishing attacks or other cyberattacks is the way web hosting is used to distribute malware or to host web-based content, such as phishing pages or advertising. Botnets are often used to host this content; however, doing so adds to the complexity of managing the botnet and directing the compromised systems to access the botnet's content.

With the continued segmentation of malware attacks across an attack's lifecycle, a malicious actor need only assemble the pieces of an attack from multiple different sources, so the development of a cloud service for this was inevitable. This approach to hosting malicious content is an extension of bulletproof hosting, an approach to content distribution where malware campaigns use servers in locations where it is difficult to take down malicious websites.

Proofpoint recently discovered a new approach to distributing malicious content called BlackTDS, a multi-tenant traffic distribution system (TDS) that is used to distribute malware exploit kits, malicious advertising and the domain names of malicious hosts. A TDS is also capable of detecting when it is being investigated and can block security researchers from taking it down.

Like other TDSes, BlackTDS also has the ability to redirect web browsers to third-party sites for the next step in an attack. Enterprise security teams should know that BlackTDS is used for distribution of malware, and teams should ensure that their security tools include updated threat intelligence to guarantee malicious network connections are identified and blocked.
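The advice above, turned into a check over proxy logs, as an added example that is not from the original article or from Proofpoint: it flags requests to hosts on a threat-intelligence list and follows the redirects a TDS issues, so the downstream hosts can be reviewed as well. The log format, host names and function names are assumptions constructed for illustration.

```python
from urllib.parse import urljoin, urlsplit

# Constructed threat-intel entry (reserved .example name, not a real indicator).
TDS_HOSTS = {"tds.badcloud.example"}

# Constructed proxy log. Assumed format: time client url status redirect-target
SAMPLE_LOG = """\
2018-09-01T10:00:01Z 10.0.0.5 http://news.example/article 200 -
2018-09-01T10:00:02Z 10.0.0.5 http://tds.badcloud.example/r?id=7 302 http://gate.example/in
2018-09-01T10:00:03Z 10.0.0.5 http://gate.example/in 302 /update.html
2018-09-01T10:00:04Z 10.0.0.5 http://gate.example/update.html 302 http://landing.example/get
2018-09-01T10:00:05Z 10.0.0.5 http://landing.example/get 200 -
2018-09-01T10:00:06Z 10.0.0.9 http://cdn.example/a.js 302 http://cdn2.example/a.js
"""

def host(url):
    return (urlsplit(url).hostname or "").lower()

def parse(log_text):
    """Yield (client, url, status, location); malformed lines are skipped."""
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5 or not parts[3].isdigit():
            continue
        _, client, url, status, location = parts
        yield client, url, int(status), None if location == "-" else location

def trace_tds_chains(log_text, intel_hosts):
    """Map each client that hit a listed host to the hosts its redirects led to."""
    chains, expected = {}, {}  # expected: client -> next URL in a flagged chain
    for client, url, status, location in parse(log_text):
        if host(url) not in intel_hosts and expected.get(client) != url:
            continue  # traffic unrelated to a listed TDS
        hops = [host(url)]
        if 300 <= status < 400 and location:
            expected[client] = urljoin(url, location)  # resolve relative redirects
            hops.append(host(expected[client]))
        else:
            expected.pop(client, None)  # chain ended on a non-redirect response
        chain = chains.setdefault(client, [])
        for h in hops:
            if h not in chain:
                chain.append(h)
    return chains

def downstream_hosts(chains, intel_hosts):
    """Hosts reached through a listed TDS that the intel list does not cover."""
    return {h for chain in chains.values() for h in chain} - set(intel_hosts)
```

The hosts returned by `downstream_hosts` are candidates for review and blocking, since a threat-intelligence list that names only the TDS itself does not cover the third-party sites it redirects to.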


This was last published in September 2018
