A recent study by the virtualization company Bromium has found that US-based web servers are used by cyber criminals to host and distribute banking trojans, information enthusiasts and ransomware.
The company analyzed its own threat and public data between May 2018 and March 2019 to show that malicious threats came from web servers in Las Vegas, Nevada registered under the name PONYNET and hosted on BuyVM data centers.
BuyVM is actually owned by FranTech solutions, a hosting provider that has been shown to contain links to far-right websites.
- How web hosting influences security
- IoT devices now have top priority for cyber criminals
- What are the different types of web hosting?
The Bromium team has found at least ten types of malware that can be traced on the servers, including Dirdex, Gootkit, IcedID, Nymaim, Trickbot, Fareit, Neutrino, AZORult, Gandcrab and Hermes.
Further investigation of the emails and infected documents used in the campaigns revealed that they were all in English and targeted American companies. 42 percent of the infected documents claimed to be job applications or resumes and 21 percent extra as unpaid invoices.
The cyber criminals behind the malware attacks have even used the same servers multiple times, combining first and second phase malware for the same campaign or hosting different campaigns each week.
A spokesperson for Bromium provided further insight into the discovery and said:
"These findings demonstrate the continued effectiveness of phishing to spread malware and infect corporate systems. Phishing emails are more difficult to recognize and hackers know they only need to do it once. To defend themselves against these threats, organizations use layered cyber security defenses that use application isolation to contain malicious threats, while offering high-risk telemetry about the hacker's intent, allowing employees to do their job without worrying about the source of a violation and cyber criminals cannot deliver the goods. "
- Keep your devices protected with the best antivirus and we have also marked the best web hosting