Symantec reports a surge in the number of so-called bulletproof hosting providers in countries in the Middle East and North Africa (MENA) as cloud services have also entered the region, providing reliable data center and server infrastructure on which these services can function.
The term “bulletproof hosting” is used in the InfoSec domain to describe a Web hosting firm that takes advantage of local legislation, usually in countries with relaxed cybercrime laws or that don’t enforce such laws, to provide a reliable and hard-to-take-down service.
Usually, you would hear these companies justify their policies by saying they’re here to ensure anonymity for whistleblowers or people looking for enhanced privacy, but most of the time, it’s cyber-criminals that provide these firms with their biggest profits.
But don’t think these companies are running their own data centers, or at least not all of them. In most cases, these bulletproof providers are using rented servers from cloud services such as Amazon or IBM.
According to a recent report, investments made in the MENA region by companies that provide cloud-based infrastructure have led to an increase in bulletproof hosting firms based in countries in which they were not previously found.
New bulletproof hosters found in Egypt, Lebanon, Iran, and Turkey
Symantec says that, in recent months, there has been an increase in advertisements on Russian-speaking underground hacking forums for services based in Egypt, Lebanon, Iran, or Turkey, countries known to provide an unstable legal framework for fighting cyber-crime, as they usually concentrate more on national surveillance of their citizens than on stopping malware operations.
Furthermore, the number of malware campaigns that started being linked to servers in Egypt, Iran, and Turkey also grew exponentially.
To make their offers more attractive and increase the number of their customers, Symantec says that these companies usually provide cheaper services than similar bulletproof hosting firms in other countries. The lower cost of living and lower wages in these countries allow these companies to pursue such aggressive pricing.
The security firm recommends that network engineers deploy blacklists for known malicious domains and IPs originating from this region, either to trigger alerts or to block any connection attempts altogether.