Has Your Bandwidth Slowed Down? It Could Be Proxyware
There's a lot of money to be made by selling things that don't belong to you. That's a lesson hackers around the world have learned very well. Their latest venture is selling other people's internet bandwidth.
You may not have heard the term proxyware before now. If not, it's a new way hackers and cybercriminals have devised to make money. The idea, discovered by researchers from Cisco Talos, is simplicity itself.
Hackers penetrate a target system and install something called proxyware, which is a catch-all phrase to describe any number of internet-sharing applications. A great many proxyware applications are perfectly legitimate and used by millions every day.
Hackers are perverting this and creating an internet hotspot on the victim's machine. The machine is used as a host, and the proxyware portions out the victim's available bandwidth to those who pay for access to it. The end result is that the hackers make money and your internet connection slows to an annoying crawl.
It's devious, but this is by no means the first time that hackers have figured out how to abuse perfectly legitimate software. After all, many people install and run cryptocurrency miners in hopes of making a bit of extra money. Naturally, hackers have co-opted this too and have created a wide range of cryptojacking software. It functions just like "regular" cryptomining software, except that it's designed to give any payouts to the hackers and not the person who actually owns the machine.
Right now, proxyware is in its infancy. There aren't many active campaigns, and none of them are widespread or have a global reach. You can expect that to change, however, as hackers find their footing in this new market and maximize its moneymaking potential.
As Cisco Talos puts it:
"This is a recent trend, but the potential to grow is enormous. We are already seeing serious abuse by threat actors that stand to make a significant amount of money off these attacks. These platforms also pose new challenges for researchers, since there is no way to identify a connection through these kinds of networks -- the origin IP becomes even less meaningful in an investigation."
Ready or not, large-scale proxyware attacks are coming.