HomeCII/OTWater Barghest Sells Hijacked IoT Devices for Proxy Botnet Misuse

Water Barghest Sells Hijacked IoT Devices for Proxy Botnet Misuse

Published on

spot_img

A cybercriminal group known as “Water Barghest” has been targeting Internet of Things (IoT) devices and then selling them on a residential proxy marketplace, where they can be used by state-sponsored advance persistent threats (APTs) and other malicious actors to create proxy botnets. According to research from Trend Micro, the group has already compromised over 20,000 IoT devices, including small office and home office (SOHO) routers used by businesses.

The cybercriminals behind Water Barghest have been operating for more than five years, largely under the radar due to their sophisticated automation strategy. They use automated scripts to identify and compromise vulnerable IoT devices, which they find from public Internet-scanning databases like Shodan. Once they compromise a device, they deploy proprietary malware called Ngioweb to register the device as a proxy and then list it for sale on a residential proxy marketplace.

The entire process of enslaving a target takes as little as 10 minutes, highlighting the high efficiency and automation of Water Barghest’s operation. The group’s activities allow them to profit from selling compromised IoT devices to other threat actors who can then use them for malicious purposes.

Selling compromised devices as proxy botnets is a lucrative business model for cybercriminals, as it provides both espionage-motivated and financially motivated actors with a way to hide the origin of their malicious activities. Proxy botnets can be used to scrape website content, access stolen online assets, and launch cyberattacks. For example, Russia’s Sandworm group recently used the VPNFilter botnet in activities against Ukraine before being disrupted by law enforcement.

Threat actors like Water Barghest exploit IoT devices that accept incoming connections on the open Internet, making it easy to compromise devices with known vulnerabilities or zero-days. The cybercriminal group automates each step of their operation, from finding vulnerable devices to listing them for sale on a Dark Web marketplace. They have multiple identities on virtual private servers to continuously scan for vulnerabilities and upload malware to compromised devices.

To protect against the growing threat of proxy botnets, organizations need to address the security of IoT devices, which are notoriously hackable. Limiting the exposure of these devices to incoming connections from the open Internet when not business-essential can help mitigate the risk of them being used in malicious activities. While law enforcement has been effective in disrupting proxy botnets, addressing the security of IoT devices at the source is essential.

Source link

Latest articles

Creating a Cryptography Bill of Materials: Proceed with Caution!

US Government Is Working on CBOMs But Discovery and Inventories Are a Local Problem In...

New Windows Bind Link Techniques Enable Attackers to Bypass EDR and Security Controls

Bitdefender has recently unveiled alarming techniques that illustrate the evolving landscape of cyber threats,...

White House Introduces AI-Driven Vulnerability Clearinghouse to Accelerate Cyber Remediation

A Move Toward Coordinated Vulnerability Response In a significant development in the cybersecurity landscape, Prabhjyot...

Cynomi’s Focus on Autonomous AI Agents for Security Teams

CEO David Primor Discusses the Impact of AI on Engineering Productivity Cynomi, a promising player...

More like this

Creating a Cryptography Bill of Materials: Proceed with Caution!

US Government Is Working on CBOMs But Discovery and Inventories Are a Local Problem In...

New Windows Bind Link Techniques Enable Attackers to Bypass EDR and Security Controls

Bitdefender has recently unveiled alarming techniques that illustrate the evolving landscape of cyber threats,...

White House Introduces AI-Driven Vulnerability Clearinghouse to Accelerate Cyber Remediation

A Move Toward Coordinated Vulnerability Response In a significant development in the cybersecurity landscape, Prabhjyot...