Russian Botnet Disrupted In International Cyber Operation – Expert Comments

Derived from News Release Summary:

The U.S. DOJ, together with law enforcement partners in Germany, the Netherlands and the United Kingdom, has dismantled the infrastructure of a Russian botnet known as RSOCKS, which hacked millions of computers and other electronic devices around the world.

  • The RSOCKS botnet, operated by Russian cybercriminals, comprised millions of hacked devices worldwide.
  • The botnet initially targeted Internet of Things (IoT) devices, then expanded into additional types of devices, including Android devices and conventional computers.
  • The RSOCKS botnet offered access to IP addresses assigned to hacked devices.
  • Cybercriminals could navigate to a web-based “storefront” which allowed the customer to pay to rent access to a pool of proxies. The cost for access to a pool of RSOCKS proxies ranged from $30 per day for access to 2,000 proxies to $200 per day for access to 90,000 proxies.
  • It is believed that the users of this type of proxy service were conducting large-scale attacks against authentication services, also known as credential stuffing, and anonymizing themselves when accessing compromised social media accounts or sending malicious email, such as phishing messages.

2 Expert Comments
Garret F. Grajek, CEO
InfoSec Expert
June 20, 2022 9:59 pm

Botnets are a major international concern – and one of the major problems facing internet availability and internet security today – with the Barracuda network investigation revealing 39% of all traffic is malicious bots. These bots are scanning our machines, looking for vulnerabilities, and then deploying to our systems and communicating back to their designated C2s (hacker command and control centers). Enterprises must be aware that this is occurring and acknowledge that vulnerabilities and zero-day hacks WILL be discovered. Secure identity governance is needed, since hackers will exploit compromised identities and raise privileges.

Tom Garrubba, Senior Director and CISO
InfoSec Expert
June 20, 2022 9:58 pm

It is great to see that law enforcement is making progress towards taking down these large botnets as of late. Botnets are so dangerous because they control large swaths of vulnerable computer systems at a scale unlike any other attack. Those infected computer pools can then be pointed at legitimate resources and cause havoc. Botnets can perform very disruptive attacks like Distributed Denial of Service or large-scale vulnerability exploitation to sell to initial access brokers who will later lend that access to ransomware gangs.
