Unsinkable Botnet: Ngioweb has been keeping the world at bay for 7 years

How do ordinary IoT devices become puppets in hacking games?

Seven years after the appearance of the Ngioweb botnet, it is still one of the main threats in the field of cybersecurity. This proxy botnet is actively used by attackers to find vulnerable gadgets such as routers and IoT devices, which are then turned into "residential" proxies and sold through the Nsocks platform. The cost of access to infected IP addresses starts at $0.20 per day, and the availability of such proxies around the world allows hackers to hide their activity.

Nsocks offers customers around 30k IP addresses at prices of up to $1.50 for 24-hour access. About 75% of infected devices belong to private users, making them a preferred target. Among the most attacked are Zyxel routers, Linear eMerge devices, and Neato robot vacuum cleaners. Using a specialized scanner for each type of vulnerable device allows attackers to avoid exposing their entire arsenal of exploits, which makes the exploits difficult to detect.

Since the first mention of Ngioweb in a Check Point report in 2018, its code has hardly changed. The command-and-control channels through which attackers receive data on infected devices have also been preserved. Despite the researchers' attempts to block Ngioweb, the criminals have added unique checks that help avoid detection.

Last year, there was a sharp increase in the number of proxies operating through Ngioweb, thanks to the emergence of new vulnerabilities and the active use of inconspicuous IP addresses. For example, LevelBlue Labs recently documented infections through Linear eMerge and Zyxel, which are being exploited to gain access to IP addresses around the world, including the US, UK, and Canada.

Nsocks, which has been operating since 2022, sells infected systems as SOCKS5 proxies, which allows attackers to select devices based on location, connection speed, and device type. Payment is accepted only in cryptocurrency, which provides anonymity for attackers and their customers.

The extensive use of home equipment such as Neato and Zyxel suggests that private users are increasingly becoming victims. Devices continue to connect to the network, their owners often unaware of the threat, and are used by attackers to anonymize malicious activity.
