Incident & Breach Response
Report Claims Criminals Are Installing Proxyware Service
Security firm Cisco Talos reported this week that cybercriminals have found a new way to make money from their victims, by abusing internet-sharing “proxyware” platforms such as Honeygain and Nanowire to illegally share their victim’s internet connection.
See Also: Autonomous Systems: The Future of Cyber Security
Cisco Talos researchers Edmund Brumaghin and Vitor Ventura report that malicious actors are silently installing proxyware services on a victim’s computer to hijack their bandwidth without alerting the victim.
The attackers also patch the client to stop any alerts that would warn the victim, and hide their presence by installing the legitimate platform client by using Trojanized installers, the researchers say, adding that they also install digital currency miners and information stealers.
“We believe attackers are highly likely to abuse these proxyware platforms, as they can be used to disguise an attacker’s origin more efficiently than Tor, since the exit nodes cannot be cataloged,” the researchers note.
Further problems for the victims can result, the researchers say, due to: “The abuse of their resources, eventually being blacklisted due to activities they don’t even control, and it increases organizations’ attack surface, potentially creating an initial attack vector directly on the endpoint.”
Cisco Talos advises…