The U.S. Department of Justice has announced the disruption of the Russian RSocks malware botnet used to hijack millions of computers, Android smartphones, and IoT (Internet of Things) devices worldwide for use as proxy servers.
The law enforcement operation involved the FBI and police forces in Germany, the Netherlands, and the United Kingdom, where the botnet maintained parts of its infrastructure.
A botnet is a swarm of devices that threat actors can remotely control to perform various behaviour, including DDoS attacks, crypto mining, and deploying additional malware.
In the case of RSocks, the botnet was used to convert residential computers into proxy servers, allowing the botnet’s customers to use them for malicious activity or to appear as coming from a residential IP address.
Typical use-case scenarios for these services include phishing operations, credential stuffing, account takeover attempts, etc. In addition, using a proxy service makes it harder for threat actors to be tracked by law enforcement, especially when those IP addresses belong to people unaware their devices were hijacked.
RSocks was also promoted for use by shopping bots, such as sneaker bots, that benefit from using residential IP addresses, which are usually not banned from online retailers.
FBI agents began mapping the RSocks infrastructure in an undercover operation where they purchased to access a large number of proxies in 2017.
According to the United State Department of Justice, the cost for accessing RSocks proxy pools ranged from $30 per day for 2,000 proxies to $200 per day for 90,000 proxies.
At that time, the investigators identified 325,000 compromised devices, many located in the United States. RSocks allegedly compromised these devices by brute-forcing their passwords and installing software on the breached computers to turn them into proxy servers.
“Several large public and private entities have been victims of the RSocks botnet, including a university, a hotel, a television studio, and an electronics manufacturer, as well as home businesses and individuals,” explains the DOJ announcement.
“At three of the victim locations, with consent, investigators replaced the compromised devices with government-controlled computers (i.e., honeypots), and all three were subsequently compromised by RSocks.”
While RSocks operation has been severely disrupted as a result of this international law enforcement operation, no arrests have been announced this time.
Botnets are a constant and shape-shifting threat to poorly secured devices such as routers and other internet-connected “smart” IoT devices that are often neglected and left to operate unsupervised for extended periods.
To protect IoT devices, owners should always change the default administrator password to something stronger that’s hard to brute-force, apply the latest available firmware updates, and set up a separate network for IoTs, which are isolated from critical devices.
Suggest an edit to this article
Go to Cybersecurity Knowledge Base
Got to the Latest Cybersecurity News
Stay informed of the latest Cybersecurity trends, threats and developments. Sign up for our Weekly Cybersecurity Newsletter Today.
Remember, CyberSecurity Starts With You!
This post was last modified on 17 June 2022 4:17 PM
British high street chain WH Smith has recently revealed that it was hit by a…
As banks worldwide roll out Voice ID as a means of user authentication over the…
In the era of digital transformation, cybersecurity has become a major concern for businesses. When…
In today's digital age, cybersecurity threats have become a significant concern for businesses of all…
The RIG Exploit Kit is currently in the midst of its most productive phase, attempting…
One of the most transformational technologies of our time, artificial intelligence (AI), has quickly come…
Leave a Comment