Hounded by law enforcement agencies and security experts, cyber criminals have been witnessing the ISPs and hosting providers of their botnets being shut down at a greater pace than ever.
But, where there’s a will, there’s a way, and the answer to this problem seemed obvious – they would set up their own data centers and be their own ISPs. While this is difficult to achieve in the U.S. region, it is infinitely simpler to get your own blocks of IP space in some parts of Europe, Africa and the Caribbean.
According to Threatpost, all it takes is for criminals to buy their own servers, station them in a data center and send in a request for a block of IP space to the regional Internet registry that handles that part of the world. But, while in more efficient regions this is followed by control and additional inspection, in some of the previously mentioned regions a written explanation about why the space is needed is often enough.
This modus operandi has become an obvious solution for criminals running botnets. They can hide their activities more easily than when they depend on legitimate ISPs or hosting providers.
There is also another problem – once the IPs have been assigned, it’s difficult to take them back. And once they are returned, it will usually take a long time for a legitimate business to get the IPs unblocked and once again labeled as safe.