Derived from News Release Summary:
The U.S. DOJ, together with law enforcement partners in Germany, the Netherlands and the United Kingdom, have dismantled the infrastructure of a Russian botnet known as RSOCKS which hacked millions of computers and other electronic devices around the world.
- the RSOCKS botnet, operated by Russian cybercriminals, comprised millions of hacked devices worldwide.
- The botnet initially targeted Internet of Things (IoT) devices, then expanded into additional types of devices, including Android devices and conventional computers.
- the RSOCKS botnet offered access to IP addresses assigned to hacked devices.
- Cybercriminals could navigate to a web-based “storefront” which allowed the customer to pay to rent access to a pool of proxies. The cost for access to a pool of RSOCKS proxies ranged from $30 per day for access to 2,000 proxies to $200 per day for access to 90,000 proxies.
- It is believed that the users of this type of proxy service were conducting large scale attacks against authentication services, also known as credential stuffing, and anonymizing themselves when accessing compromised social media accounts, or sending malicious email, such as phishing messages.
Botnets are a major international concern – and one of the major problems facing internet availability and internet security today – with the Barracuda network investigation revealing 39% of all traffic is malicious bots. These bots are scanning our machines, looking for vulnerabilities, and then deploying to our systems and communicating back to their designated C2s (hacker command and control centers). Enterprise must be aware that this is occurring and acknowledge that vulnerabilities and zero day hacks WILL be discovered. Secure identity governance is needed, since hackers will exploit compromised identities and raise privileges.
It is great to see that law enforcement is making progress towards taking down these large botnets as of late. Botnets are so dangerous because they control large swaths of vulnerable computer systems at a scale unlike any other attack. Those infected computer pools can then be pointed at legitimate resources and cause havoc. Botnets can perform very disruptive attacks like Distributed Denial of Service or large-scale vulnerability exploitation to sell to initial access brokers who will later lend that access to ransomware gangs.