Cybercrime is fueled by a complex ecosystem of criminal groups that specialize on different pieces of the final attack chains experienced by victims. There are the malware developers, the access brokers, the spammers, the private information sellers, the botnet operators, the malvertizers and more.
One service that is often overlooked but still plays an important role in malware delivery are so-called traffic direction systems (TDS). These are networks of compromised websites and other servers whose goal is to direct victims to malware or phishing pages. Due to the decline of web-based exploit kits and drive-by downloads in recent years, such services have fallen out of the spotlight, but an investigation into a TDS called Prometheus shows that they still play a key role in ransomware and other malware distribution.