Beneath the Surface: Detecting and Blocking Hidden Malicious Traffic Distribution Systems

March 5, 2025, 5:05 p.m.

Description

This analysis explores the use of traffic distribution systems (TDS) by threat actors to redirect network traffic for illicit purposes such as phishing and malvertising. A TDS acts as a central hub that obfuscates the final destination of a redirection chain and hinders detection. The study found that malicious TDS exhibit distinct topological characteristics compared with benign redirection networks, including longer redirection chains, more URLs, and higher connectivity. Using these insights, a machine learning-based detection system was developed to identify various types of malicious TDS infrastructure. The research also presents case studies of TDS usage in phishing campaigns, malvertising, darknet services, and cloaking techniques.

Date

  • Created: March 5, 2025, 4:24 p.m.
  • Published: March 5, 2025, 4:24 p.m.
  • Modified: March 5, 2025, 5:05 p.m.

Attack Patterns

  • T1606
  • T1608
  • T1583
  • T1189
  • T1584
  • T1090