Botnets are nefarious entities consisting of countless connected devices, all of which have been infected by hackers to perform malicious deeds. One such botnet, a Russian botnet consisting of millions of infected Internet of Things devices, has been dismantled and taken down by the United States Department of Justice and various law enforcement agencies throughout Germany, the United Kingdom, and the Netherlands.
The RSOCKS Botnet
The RSOCKS botnet was responsible for hacking into countless computers and other connected devices all over the globe, according to the Department of Justice. This particular botnet was operating as a proxy service. While it advertised selling legitimate IP addresses through an Internet service provider, or ISP, it was instead offering IP addresses assigned to devices hacked through the botnet. The purpose of this service was for hackers to conceal their IP addresses from law enforcement while they launched attacks against authentication portals.
In other words, hackers were using these hacked IP addresses to conceal their activity while they launched attack after attack against authentication platforms. The Department of Justice reports: “It is believed that the users of this type of proxy service were conducting large-scale attacks against authentication services, also known as credential stuffing, and anonymizing themselves when accessing compromised social media accounts, or sending malicious email, such as phishing messages.”
What Happened to RSOCKS?
The FBI has since seized control over RSOCKS’ website, where users could purchase IP addresses. The price points for these services ranged from $30 per day for 2,000 proxies to $200 per day for 9,000 proxies. If a user committed to making the purchase, they could download their list of IP addresses and ports, which they could then use to route traffic through the cracked devices to obscure their true identity. The botnet was first built using infected IoT devices, but it later took advantage of Android and other types of computers, too.
When services like this are so affordable, even to the layman hacker, you cannot afford to not take them seriously.
What Can Be Done?
This type of threat shows the security shortcomings of Internet of Things devices, something which your business needs to be well aware of if it is to successfully protect itself from threats such as this. The reason behind why Internet of Things devices were chosen as outlets for these attacks is that many are distributed with their default passwords, easily allowing hackers to bypass their security features and take advantage of them. If you do utilize IoT devices, you should use the same security standards that you would use for other, more advanced devices, like more strict password policies or dedicated networks specifically partitioned off for IoT devices.
NDYNAMICS can help you take all the appropriate measures needed to secure your business. To learn more about what we can do for your organization, reach out to us at 408-927-8700.