Attackers List Compromised Servers on Bandwidth Sharing Platforms for Profit
Cyber crooks are performing server hijacking, or proxyjacking, to make money from the sale of their victims’ compromised bandwidth on proxy networks, a new report by security firm Akamai finds.
Proxyjacking involves attackers replacing an authentic webpage to drive traffic to an imitation site. While the tactic has been active for a while, Akamai researchers note that in recent months a growing number of crooks are switching to proxyjacking from crimes such as crypto mining and cryptojacking.
“With proxyjacking, the attacker doesn’t just steal resources but also leverages the victim’s unused bandwidth,” the Akamai report author, researcher Allen West, notes. “This allows for the attacker to monetize an unsuspecting victim’s extra bandwidth, with only a fraction of the resource load that would be required for crypto mining, with less chance of discovery,” says West.
Among hacking groups deploying this technique are Meris and Anonymous Sudan, who are targeting vulnerable Secure Shell (SSH) servers to gain remote access. The hackers then stealthily assign the compromised systems to proxy network services on bandwidth-sharing platforms such as Peer2Profit or Honeygain, which pay their users for sharing their unused internet bandwidth.
In recent campaigns uncovered by Akamai, hackers began their activities by infecting multiple SSH honeypots set up by Akamai researchers. The attackers then inserted malicious code into the servers, which turned each compromised system into a node in the Peer2Profit and Honeygain proxy networks.
The hackers then routed the malicious traffic through multiple infected nodes to disguise their activities. In the final stage of the attacks, they launched Docker services that share the victim’s bandwidth for profit.
Akamai notes the technique could become critical because it requires minimal computing equipment and less internet bandwidth, which makes it harder to detect. To avoid potential attacks using this technique, Akamai’s researchers recommend patching systems regularly, enabling multi-factor authentication and checking for unprompted activities relating to Docker services.
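One way to check for unprompted Docker activity, shown as an added example that is not from Akamai's report or this article: audit the output of `docker ps --no-trunc --format '{{json .}}'` against an approved image inventory and the two proxy services named above. The keyword heuristic, the inventory and every host, image and command in the sample are assumptions constructed for illustration.

```python
import json

# Proxyware services named in the article. Matching them as substrings of the
# image, name and command is an assumed heuristic, not a published signature.
PROXYWARE_KEYWORDS = ("peer2profit", "honeygain")

def image_repo(image):
    """Strip digest and tag: 'localhost:5000/app:1' -> 'localhost:5000/app'."""
    repo = image.split("@", 1)[0]
    head, _, last = repo.rpartition("/")
    last = last.split(":", 1)[0]  # a colon before the last '/' is a registry port
    return f"{head}/{last}" if head else last

def audit_containers(ps_output, approved_repos):
    """Flag containers from `docker ps --no-trunc --format '{{json .}}'`."""
    findings = []
    for line in filter(None, map(str.strip, ps_output.splitlines())):
        try:
            c = json.loads(line)
        except json.JSONDecodeError:
            findings.append({"name": None, "reasons": ["unparseable line"]})
            continue
        text = " ".join(c.get(k, "") for k in ("Image", "Names", "Command")).lower()
        reasons = [f"keyword:{k}" for k in PROXYWARE_KEYWORDS if k in text]
        # A renamed image evades keywords, so also compare with the inventory.
        if image_repo(c.get("Image", "")) not in approved_repos:
            reasons.append("unapproved-image")
        if reasons:
            findings.append({"name": c.get("Names"), "reasons": reasons})
    return findings

# Constructed sample output (hypothetical hosts, images and commands).
SAMPLE_PS = """
{"ID":"a1","Image":"nginx:1.25","Names":"web","Command":"nginx -g 'daemon off;'"}
{"ID":"b2","Image":"registry.example/peer2profit-client:latest","Names":"p2p","Command":"/entrypoint.sh"}
{"ID":"c3","Image":"localhost:5000/sysupd:1","Names":"sysupd","Command":"/usr/bin/sysupd"}
"""
APPROVED = {"nginx"}  # assumed inventory of image repositories this host should run

if __name__ == "__main__":
    for f in audit_containers(SAMPLE_PS, APPROVED):
        print(f["name"], ", ".join(f["reasons"]))
```

The third sample container carries no proxyware keyword and is flagged only because its image is missing from the inventory, which is the case a name-based check alone would miss.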
“Open proxies serve as a crucial tool in the cybercriminal’s arsenal,” West notes. “Reliance on these proxy networking companies to properly manage their partners is a very poor defense mechanism and weak assurance,” he adds.