Malicious use of virtual machine infrastructure

Summary

Bulletproof hosting providers are abusing legitimate ISPsystem infrastructure to provide virtual machines to cybercriminals. This allows criminals to host malicious operations, including ransomware attacks, while potentially obscuring their origins.

IFF Assessment

FOE

The abuse of legitimate infrastructure by cybercriminals makes attribution and takedown more difficult for defenders.

Severity

7.5 High (AI Estimated)

Defender Context

This activity highlights the ongoing challenge of identifying and mitigating malicious activity that originates from legitimate cloud infrastructure. Defenders should monitor VM usage, network traffic, and system logs for unusual patterns that might indicate abuse. The blurring of the line between legitimate and malicious infrastructure calls for enhanced monitoring and threat intelligence to detect and respond to these threats effectively.
