Reports

HostExploit is pleased to present the March 2013 World Hosts Report, in collaboration with Group-IB, CSIS and Cyscon.

Download the English report (PDF) here.

Download the German report (PDF) here.

Download the Russian report (PDF) here.

Abstract

As malware continues to evolve, and cybercriminals continue to learn, one particular fundamental remains constant – almost all malicious threats are physically hosted somewhere. For this reason, it remains as important as ever to examine hosting practices and standards and consider how they can be improved.

CyberDefcon has released a new white paper, The New gTLDs – Security by Design, focused on the security of New gTLDs. The paper, with contributions from HostExploit members, welcomes the new gTLD program as an important step towards improved "security by design".

The New gTLDs (generic top-level domains), due for roll-out in 2013, will provide the Internet with its largest ever transformation. Security issues with previous and current gTLDs remind us that such an expansion has the potential to open avenues to greater cybercriminal activity.

However, ICANN's rigorous new gTLD application process provides a fresh approach towards security with new gTLDs providing a more stable and secure domain environment. The application process is born from multi-sector discussion and community engagement with ICANN in recent years.

HostExploit is pleased to present the Q3 2012 World Hosts Report, in collaboration with Group-IB and CSIS. The #1 Host this quarter for levels of malicious activity is new to the top 50 ranking table – AS40034 Confluence Networks, registered in the Virgin Islands but hosted in the United States.

Download the English report (PDF) here.

New names in new places is sadly not a consistent theme for this quarter as, despite the new #1, the ‘Top 50 Hosts’ table for Q3 2012 has more than a fair share of familiar names holding the top positions. Unlike the new #1 (AS40034 Confluence Networks), AS16138 Interia.pl, the holder of the #2 spot, is a regular at the top of the chart for consistently serving some of the worst types of malicious activity on the web. Offences include large amounts of ‘Current Events’, a mix of the most up-to-date and fast changing attack exploits and vectors.

Interia.pl (registered in Poland) has been in the ‘Top 10’ since Q2 2010, except for its #12 slot in Q2 2011. In Q1 2012 it was #1. Frequently Interia.pl is in the top 5.

Recent successes against several gangs and major cybercriminals affirm the essentiality of transnational cooperation. A trend that is likely to continue, supporters of cross-border collaboration find reason for optimism with the prospect of future actions.

Download the English report (PDF) here.
Download the Russian report (PDF) here.
Download the Russian report (PDF) here (Group-IB mirror).

The news of three separate operations against users of the Carberp virus is a highlight of the quarter according to HostExploit Q2 2012 "Bad Hosts and Networks" report. For the central investigator, Group-IB and its various partners in each of the operations, this is a major coup as well as an important strike against some of the biggest cybercriminals.

All cybercrime is hosted and served from somewhere. A simple enough truism and yet little research, or even initiatives, emerge from this area. A new interactive web-based tool aims to provide deeper insights into this domain in search of solutions to a global problem.

How much cybercrime is served by the hosting providers registered to, or routing through, an individual country? An interesting question that can now begin to be quantifiably answered thanks to a collaborative association between HostExploit, Russian Group-IB¹ and CSIS² in Denmark. The Global Security Map displays global hot spots for cybercriminal activities based on geographic location. It was first presented at the Anti-Phishing Work Group (APWG) meeting in Prague on April 25 by leading community researcher Jart Armin, editor of HostExploit, and is now on general release along with the accompanying Global Security Report.

Download the English report (PDF) here.

Download the Russian report (PDF) here.

Download the Russian report (PDF) here (Group-IB external link).

The Global Security Map is the outcome of extensive research on Autonomous Systems (ASNs) – servers, ISPs, and networks routed publically via their respective IP (Internet Protocol) addresses. It has been the long-held vision of HostExploit, heading a group of respected independent community researchers, to be able to provide a tool to aid hosts, registrars, Internet Service Providers (ISPs), researchers, law enforcement, academics and other parties, interested in tracking Internet security-related issues worldwide.