Tag Archive for: proxies

‘Black Proxies’ Enable Threat Actors to Conduct Malicious Activity


Threat actors have been spotted using criminal proxy networks to obfuscate their illegal activities, hiding behind hijacked IP addresses and using them to create an appearance of legitimacy.

The findings come from security researchers at DomainTools, who have said that while these networks were initially used as part of botnets, their lucrative nature has turned them into their own criminal enterprises.

Describing the new threat in an advisory published on Thursday, the DomainTools team said it spotted a new and particularly dangerous proxy service called ‘Black Proxies,’ which is being marketed to other cyber-criminals for its reliability, scope and vast number of IP addresses.

“Black Proxies market themselves as having over 1,000,000 residential and other proxy IP addresses ‘from all around the world.’ The scope and scale of these new offerings show just how large their claimed pool of IP space is,” DomainTools wrote.

“Upon further examination through the service, their pool of IP addresses listed in fall of 2022 ‘online’ comes in at just over 180,000 IPs, which is still a factor larger than the traditional services based on other types of tactics and botnets.”

According to the advisory, the scale of Black Proxies is significant not only because of its focus on the traditional forms of IP proxying but also because of its use of compromised websites for its services.

“Ultimately, in the cybercrime ecosystem, there are a host of specialized services designed to enable malicious activity,” reads the report.

The researchers also added that understanding these newer malicious proxy services and how they facilitate the efforts of other cyber-criminals is critical in order to combat them.

“For defenders looking to protect their organizations and users from these types of proxy network services, the key is to focus on defense in depth, applying different detection methods to help identify anomalous and potentially malicious behavior,” concluded the report.

Malicious domains were also at the center of a typosquat campaign uncovered in October, in which attackers mimicked 27 brands to target Windows and Android users.


TrickBot Malware Abusing MikroTik Routers as Proxies for Command-and-Control


Microsoft on Wednesday detailed a previously undiscovered technique put to use by the TrickBot malware that involves using compromised Internet of Things (IoT) devices as a go-between for establishing communications with the command-and-control (C2) servers.

“By using MikroTik routers as proxy servers for its C2 servers and redirecting the traffic through non-standard ports, TrickBot adds another persistence layer that helps malicious IPs evade detection by standard security systems,” Microsoft’s Defender for IoT Research Team and Threat Intelligence Center (MSTIC) said.


TrickBot, which emerged as a banking trojan in 2016, has evolved into a sophisticated and persistent threat, with its modular architecture enabling it to adapt its tactics to suit different networks, environments, and devices as well as offer access-as-a-service for next-stage payloads like Conti ransomware.

The expansion of TrickBot’s capabilities comes amid reports of its infrastructure going offline, even as the botnet has continually refined its features to make its attack framework durable, evade reverse engineering, and maintain the stability of its C2 servers.

Specifically, the new method identified by MSTIC involves leveraging hacked IoT devices such as routers from MikroTik to “create a line of communication between the TrickBot-affected device and the C2 server.”


This also entails breaking into the routers by using a combination of methods, namely default passwords, brute-force attacks, or exploiting a now-patched flaw in MikroTik RouterOS (CVE-2018-14847), followed by changing the router’s password to maintain access.

In the next step, the attackers issue a network address translation (NAT) command that’s designed to redirect traffic between ports 449 and 80 in the router, establishing a path for the TrickBot-infected hosts to communicate with the C2 server.
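
A defender-side check for the NAT redirection described above, as an added example that is not part of the original article or of Microsoft's tooling: it parses a `/ip firewall nat export` listing and flags dst-nat rules that change the port, rating the 449/80 pair named in the article highest. The sample rules and addresses are constructed, and the function names are hypothetical.

```python
import shlex

# Constructed sample of `/ip firewall nat export` output; the addresses are
# documentation ranges and the rules are illustrative, not taken from the article.
SAMPLE_EXPORT = r"""
/ip firewall nat
add action=masquerade chain=srcnat out-interface=ether1
add action=dst-nat chain=dstnat comment="web server" dst-port=8080 \
    protocol=tcp to-addresses=192.168.88.10 to-ports=8080
add action=dst-nat chain=dstnat dst-address=198.51.100.7 dst-port=449 \
    protocol=tcp to-addresses=203.0.113.25 to-ports=80
"""

def parse_nat_rules(export_text):
    """Return one dict of key=value properties per `add` line under /ip firewall nat."""
    joined = export_text.replace("\\\n", " ")  # undo the export's line continuations
    rules, in_nat = [], False
    for line in joined.splitlines():
        line = line.strip()
        if line.startswith("/"):
            in_nat = line == "/ip firewall nat"
        elif in_nat and line.startswith("add "):
            props = dict(tok.split("=", 1) for tok in shlex.split(line[4:]) if "=" in tok)
            rules.append(props)
    return rules

def flag_port_redirects(rules, reported_ports=("449", "80")):
    """Flag dst-nat rules that rewrite the port; the article's port pair rates 'high'."""
    findings = []
    for rule in rules:
        if rule.get("action") != "dst-nat":
            continue
        src, dst = rule.get("dst-port"), rule.get("to-ports")
        if src and dst and src != dst:
            # The article says "between ports 449 and 80", so match either direction.
            level = "high" if {src, dst} == set(reported_ports) else "review"
            findings.append((level, src, dst, rule.get("to-addresses", "")))
    return findings

if __name__ == "__main__":
    for finding in flag_port_redirects(parse_nat_rules(SAMPLE_EXPORT)):
        print(finding)
```

Any rule it reports that an administrator cannot account for is a reason to review the router's credentials and RouterOS version, since the article ties the access to default passwords, brute force and CVE-2018-14847.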

“As security solutions for conventional computing devices continue to evolve and improve, attackers will explore alternative ways to compromise target networks,” the researchers said. “Attack attempts against routers and other IoT devices are not new, and being unmanaged, they can easily be the weakest links in the network.”




25 percent of global internet traffic routed via proxies, research shows







With the wide availability of free-of-charge material on the internet, not many people are stopping to think about the privacy of their personal data—let alone their browsing information—when using the world wide web. But with the increasing number of hacking incidents, internet privacy is now more important than ever.


More than a quarter of internet users use a proxy: ENV Media

Current estimates show that there are almost 5 billion internet users around the world. However, only about a quarter of these users—or roughly 1.27 billion users—are interested in or are already using proxy services, according to a recent ENV Media study on internet privacy.

Location-wise, India and Indonesia lead the pack—both recorded a 38 percent user penetration—followed by Turkey with 32 percent, and China with 31 percent. Other countries with notable proxy markets include Malaysia (29 percent), Saudi Arabia (29 percent), Brazil (26 percent), Vietnam (25 percent), United Arab Emirates (25 percent), and Philippines (25 percent).

These figures indicate “the immense number of users who opt for an IP disguise” either via a software subscription service or free tools available on the internet, according to the report, which also forecast the number of proxy users to rise. Take India as an example: the mobile-first country is on the top of regional and global lists both by volume and by shares of proxy users.

How proxies play a major role in internet privacy

Proxy servers are best described as a secure gateway between users and the internet, one that functions as a middleman that separates internet users from the websites they are accessing. Each proxy server provides different levels of privacy and security, depending on the user’s preferences. Such is the case for anyIP, a veteran player in the proxy server…


New Windows malware sets up proxies on your PC to relay malicious traffic – ZDNet


New SystemBC malware spotted in the wild helping other malware strains bypass firewalls, hide bad traffic.
