We’ve recently spotted a multi-hop Russian cybercrime-friendly VPN service provider — ad featured not syndicated at a well known cybercrime-friendly community — that is relying on fake celebrity endorsement on its way to attract new customers, in this particular case, it’s pitching itself as being recommended by ex-NSA contractor Edward Snowden. How have anonymization tactics evolved over the last couple of years? Have the bad guys been ‘innovating’ on their way to cover the malicious/fraudulent online activity orchestrated by them? Let’d discuss some of the current trends in this ever-green market segment within the cybercrime ecosystem.

Sample ad featured at the cybercrime-friendly community:


It didn’t take long for cybercriminals to realize the massive potential for abusing already created botnets, in terms of utilizing them as anonymization-based type of infrastructure. Empowering them with the necessary foundations for launching attacks relying on the ‘stepping-stones’ concept, completely mixing the malicious/legitimate logs-free anonymization infrastructure, or setting up multi-hop cybercrime-friendly VPN service providers, these practices added additional layers of anonymity to their Internet activities, primarily relying on basic ‘risk-forwarding’ tactics. Next to the utilization of these concepts, the massive/de-facto adoption of Socks4/Socks5 modular features, found in a huge percentage of modern malware/crimeware/platform releases, helped opportunistic cybercriminals to quickly monetize the market segment, by empowering others with the same capabilities through their “cybercrime-as-a-service” type of underground market propositions.

Throughout 2013, we continued to observe a decent supply of “hacked-PCs-as-a-service“, with some of the market-leading/well known/reputable vendors, still in operation. Moreover, thanks to the general availability of Socks4/Socks5 converted anonymization hosts, we also continue to observe a decent supply of CAPTCHA-based proxy-supporting DIY automatic account registration/brute-forcing tools, Denial of Service (Dos) attack tools relying on hacked/compromised PCs, as well as the now de-factor standard for the cybercrime ecosystem, use of APIs for the purpose of supplying fellow cybercriminals with access to fresh IPs with clean IP reputation.

We expect to continue observing a mix between a purely malicious infrastructure, in combination with legitimate logs-free infrastructure, for the purpose of anonymizing a cybercriminals online activities, successfully bypassing current data retention regulations in place.

Blog Staff

About the Author

Blog Staff

The Webroot blog offers expert insights and analysis into the latest cybersecurity trends. Whether you’re a home or business user, we’re dedicated to giving you the awareness and knowledge needed to stay ahead of today’s cyber threats.

Share This