Cowrie is a medium to high interaction SSH and Telnet honeypot designed to log brute force attacks and the shell interaction performed by the attacker. The researcher became aware of the campaign when they noticed an attacker establishing multiple SSH (Secure Shell) connections to one of their Cowrie honeypots. What’s new about this campaign is that these same criminals are now “renting out” the bandwidth of compromised systems to make money instead of simply using them. Proxies and stolen bandwidth have always been popular among cybercriminals since they allow them to anonymize their traffic. Peer2Profit and Honeygain claim to only share their proxies with theoretically vetted partners, but according to Akamai's research they don’t check if the one offering the bandwidth is the actual owner. The foundation of the proxyjacking problem lies in the fact that these services don’t check where the shared bandwidth is coming from. Customers of the proxy service have their traffic routed through the participants' systems. The participants install software that adds their systems to the proxy-network of the service. There are several legitimate services that pay users to share their surplus Internet bandwidth, such as Peer2Profit and HoneyGain. To understand how proxyjacking works, we’ll need to explain a few things. A researcher at Akamai has posted a blog about a worrying new trend-proxyjacking-where criminals sell your bandwidth to a third-party proxy service.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |