Physical Address
304 North Cardinal St.
Dorchester Center, MA 02124
For years, gray-market services known as “bulletproof” hosts were a key tool for cybercriminals seeking to maintain web infrastructure anonymously, with no questions asked. But as police around the world scramble to crack down on digital threats, they have developed strategies for obtaining customer information from these hosts and have increasingly targeted the people behind the services with indictments. At the cybercrime-focused conference Sleuthcon in Arlington, Virginia, today, researcher Thibault Seret described how this shift has pushed both bulletproof hosting companies and their criminal customers toward an alternative approach.
Rather than relying on web hosts to find ways of operating outside the reach of law enforcement, some service providers have turned to offering VPNs and other proxy services as a way of rotating and masking customer IP addresses, and to offering infrastructure that either intentionally does not log traffic or mixes traffic from many sources together. And although the technology is not new, Seret and other researchers stressed that the shift to using proxies among cybercriminals over the past two years is significant.
“The problem is that you cannot technically distinguish which traffic in a node is bad and which traffic is good,” Seret, a researcher at the threat intelligence firm Team Cymru, told Wired ahead of his talk. “It is the magic of a proxy service – you cannot tell who is who. It’s good in terms of internet freedom, but it’s super, super difficult to analyze what is going on and identify bad activity.”
The main challenge in addressing cybercriminal activity hidden by proxies is that the services may also, even primarily, be facilitating legitimate, benign traffic. Criminals, and companies that do not want to lose them as customers, have relied in particular on what are known as “residential proxies,” an array of decentralized nodes that can run on consumer devices, even old Android phones or low-end laptops, offering real, rotating IP addresses assigned to homes and offices. These services offer anonymity and privacy, but can also shield malicious traffic.
By making malicious traffic look as though it comes from trusted consumer IP addresses, attackers make it much more difficult for organizations' threat detection tools to identify suspicious activity. And, crucially, residential proxies and other decentralized platforms that run on disparate consumer hardware reduce a service provider's insight and control, which makes it more difficult for law enforcement to get anything useful from them.
“The attackers have increased their use of residential networks for attacks in the last two to three years,” says Ronnie Tokazowski, a longtime digital scams researcher and cofounder of the nonprofit Intelligence for Good. “If the attackers come from the same residential ranges as, say, the employees of a target organization, it is more difficult to track.”
The criminal use of proxies is not new. In 2016, for example, the US Department of Justice said that one of the obstacles in a years-long investigation of the notorious “Avalanche” cybercriminal platform was the service's use of a “fast-flux” hosting method, which concealed the platform's malicious activity behind constantly changing proxy IP addresses. But the rise of proxies as a gray-market service, rather than something attackers must develop in-house, is an important shift.
“I do not yet know how we can improve the proxy problem,” Team Cymru's Seret told Wired. “I suppose that the police could target known malware suppliers as they have done with bullet-proof hosts. But in general, proxies are whole internet services used by everyone. Even if you delete a malicious service, that does not solve the biggest challenge.”