BleepingComputer reports that the infrastructure of the Ngioweb botnet, which is behind 80% of the 35,000 proxies offered by the malicious proxy service NSOCKS, has been disrupted in a coordinated effort by Lumen Technologies’ Black Lotus Labs and its partners, including the Shadowserver Foundation, that sought to prevent traffic between both networks’ command-and-control nodes.
More than a dozen n-day vulnerability exploits for various IoT devices, including Netgear and Zyxel products, have been leveraged to facilitate initial access. The targeted devices then establish C2 communications to determine the usability of the bot for the proxy network and its eventual connection with the NSOCKS proxy service, an analysis from Black Lotus Labs revealed. Additional findings showed that the NSOCKS proxy network’s security defenses are lacking, which has enabled exploitation of discoverable proxies in distributed denial-of-service, phishing, and credential stuffing attacks, even by non-paying threat actors. “According to public reporting, most of these IPs appear on free proxy lists. These lists are routinely abused by threat actors, and the proxies therein are often used in various malware samples, such as Agent Tesla, to proxy traffic,” said the report.
© Copyright 2024 CNB Tel. All rights reserved