1. Forum
  2. tqw
  3. TQW GENTECH

  • Dangerous global botnet fueling residential proxies is being hit

    From TechnologyDaily@1337:1/100 to All on Wednesday, November 20, 2024 20:30:05
    Dangerous global botnet fueling residential proxies is being hit in major crackdown

    Date:
    Wed, 20 Nov 2024 20:15:00 +0000

    Description:
    Lumen and partners have disrupted the operations of the NSOCKS proxy and the underlying ngioweb botnet.

    FULL STORY ======================================================================Security
    researchers from Lumen's Black Lotus were investigating the ngioweb botnet for more than a year After identifying the infrastructure and traffic, the company started blocking the data flow The botnet, and the proxy service NSOCKS, are severely disrupted as a result

    Security researchers have disrupted a major malicious botnet, and thus also hurt the proxy service it powered.

    Cybersecurity researchers from Lumens Black Lotus have released a new report saying they blocked all traffic across their global network that went to, or from, the dedicated infrastructure associated with the ngioweb botnet.

    The Ngioweb botnet, first spotted in mid-2023, operated more than 35,000 bots (compromised endpoints , basically) every day. The bots were located in 180 countries and were used, first and foremost, to power the NSOCKS proxy service. This notorious criminal proxy service, as Black Lotus describes it, is linked to the threat actor known as Muddled Libra. There are also indications that the proxy was used by state-sponsored threat actors such as APT28 (aka FancyBear, a known Russian threat actor). Disrupting the operation

    At least 80% of NSOCKS bots in our telemetry originate from the ngioweb botnet, mainly utilizing small office/home office (SOHO) routers and IoT devices. Two-thirds of these proxies are based in the U.S., the researchers said.

    A proxy service allows threat actors to run different malicious campaigns, while hiding their true identity and location, by using a proxy - or a middleman device.

    Besides operating as a proxy, the ngioweb botnet could also be used to mount disruptive Distributed Denial of Service (DDoS) attacks.

    Lumen took more than a year to analyze the botnet and its operations, and while it could not conclude exactly how the hardware was compromised, it speculated that it was most likely through various n-day vulnerabilities.

    At press time, the NSOCKS proxy, and the underlying ngioweb botnet are being heavily disrupted by Lumen and its partners, given that the researchers found both the botnets architecture, and traffic.

    Via BleepingComputer You might also like US government sanctions massive proxy botnet operation that offered free VPN services Here's a list of the best firewalls today These are the best endpoint protection tools right now



    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/dangerous-global-botnet-fueling-residen tial-proxies-is-being-hit-in-major-crackdown


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)