
Cybercriminals have begun offering to rent out infected devices to their "colleagues" for use in attacks, experts have warned. Offers to rent compromised gadgets are posted on so-called proxy marketplaces within just ten minutes of the device being infected. Read more about how hacker marketplaces work and what dangers this shadow business carries in the Izvestia article.

Marketplace for hackers

The appearance of proxy marketplaces online was reported by Trend Micro experts. They found that the hacker group Water Barghest turns thousands of vulnerable IoT devices (smartphones, computers and other gadgets) into proxy networks in just a few minutes from the moment of their compromise. Since 2020, attackers have been able to infect more than 20,000 devices using automated tools.

And Water Barghest hackers don't just infect gadgets: they rent them to other cybercriminals using so-called proxy marketplaces. It takes less than ten minutes from initial infection of the device to placement on the marketplace. Once installed, the program connects to the control servers and verifies the connection.


The gadget is then automatically added to the proxy marketplace, where other hackers can use it both to carry out attacks and to steal data from the gadget itself. The upside of this scheme for cybercriminals is anonymization behind geographically plausible IP addresses. That said, because the malware runs in the RAM of the devices, the infection is easy to eliminate: all you have to do is reboot the gadget.

"The essence of proxy marketplaces is that for a relatively small amount of money you can get access to many proxies/botnets," says Alexey Korobchenko, head of the information security department at Security Code. "That is, an attacker does not need to prepare the infrastructure himself or infect a large number of vulnerable devices, but can simply come to a specialized service and rent a botnet."

Convenient attack

According to Alexey Korobchenko, rentals like the one described by Trend Micro experts are currently very popular among fraudsters and hackers, as they make it possible to commit crimes even with a low level of knowledge. For example, the Ransomware-as-a-Service (RaaS) model works on the same principle: those willing can buy ready-made and tested malware, which increases the number and quality of attacks around the world.


"The availability of proxy marketplaces significantly saves time for attackers and, most importantly, reduces the level of 'noise' from them," says Dmitry Ovchinnikov, head of the Laboratory for Strategic Development of Cybersecurity Products at Gazinformservice, a cybersecurity analytical center. "It is enough just to buy access and use it and, if necessary, repeat this by changing the proxying device."

Izvestia's source adds that proxy marketplaces help hackers anonymize their presence online as much as possible and carry out attacks conveniently. In turn, Viktor Gulevich, Director of the Information Security Competence Center at T1 Integration, points out that the growing popularity of proxy marketplaces among hackers is due to the simplification of the anonymization process and the ability to change the geolocation of an IP address to the desired region, which is especially attractive for attacks on specific countries or regions. This eliminates the need for attackers to develop proxy solutions of their own, making their work easier.

"Previously, access to firewalls, crypto-gateways and compromised corporate networks was traded on the darknet," Dmitry Ovchinnikov said in a conversation with Izvestia. "Services similar to proxy marketplaces were most likely provided privately, but, apparently, the demand for them has recently increased, and they began to be monetized as widely as possible."


Viktor Gulevich names attacks by botnets such as Mirai as the predecessors of proxy marketplaces: these botnets also used IoT devices to create proxy networks. Such networks were used for DDoS attacks and for anonymizing attackers' actions.

Hacking opportunities

Rental models such as proxy marketplaces make hacker attacks more accessible and lower the threshold of entry into cybercrime, says Alexey Korobchenko. Whereas previously the typical portrait of a hacker was of a fairly tech-savvy person, now anyone can be a hacker: all it takes is a certain amount of money.

"In addition, the use of proxy marketplaces creates increased security risks, because hacked devices can stay in 'sleep' mode for a certain period of time, and then turn into a botnet and connect to a powerful attack," says Izvestia's source. "Thus, it will be more difficult to repel it, not to mention the fact that the lease model makes it difficult to identify the organizers of the model."


Dmitry Ovchinnikov adds that the ability to quickly buy a hacked proxy device anywhere in the world makes it possible to reduce the level of "noise" quite well and opens up great opportunities for criminal activity. Such devices are not included in the lists of compromised devices, which means that traffic from them will be treated as neutral by information protection systems. In addition, this is a convenient way for hackers to obscure the traces of their activities and disperse them geographically.

Defense mechanisms

Recommendations for protection against threats such as proxy marketplaces apply primarily to users of IoT and other network-connected devices: it is important to prevent their compromise, says Kaspersky ICS CERT expert Vladimir Dashchenko in a conversation with Izvestia.

"It is important to regularly update the firmware of smart devices, change passwords to complex ones, and check the smart device settings for basic protection mechanisms against password brute force, port scanning, and so on," says the expert.


Dmitry Ovchinnikov adds that a device should not be exposed to the internet unless that is required for its work. In addition, where possible, gadgets should sit behind a firewall. Remember that any device exposed to the internet becomes an object of hackers' attention and needs to be protected.

In turn, Alexey Korobchenko recommends that companies build a layered defense of the corporate network, as well as their own (or outsourced) monitoring and response processes. From the government's point of view, it is necessary to look more closely at the activities of services such as proxy marketplaces and, if they are found to be working on the "dark side", to take measures to neutralize them in a timely manner, the expert concludes.
