Ethical Hacking News
The Ngioweb botnet has been found to fuel a notorious residential proxy service called NSOCKS, which is being used to exploit vulnerable IoT devices and compromise user privacy. With its arsenal of vulnerabilities and zero-days, the malware poses a significant threat to cybersecurity, highlighting the need for increased vigilance and proactive measures to protect against cyber threats.
The Ngioweb botnet has emerged as a new threat in the cybersecurity community, fueling a residential proxy service called NSOCKS. NSOCKS allows users to purchase access to SOCKS5 proxies based on factors such as location and device type. The malware, Ngioweb, is utilized by NSOCKS in conjunction with other residential proxy services to create a network of compromised devices. Over 20,000 IoT devices are believed to be part of the Ngioweb botnet, and most NSOCKS bots are believed to originate from it. The malware breaches routers and household IoT devices using vulnerabilities and zero-days, and the infected bots are then sold on a residential proxy marketplace. The NSOCKS network has a daily average of roughly 35,000 working bots, with many remaining active for months. The commercial market for residential proxy services is expected to grow, driven by demand from APT groups and cybercriminal organizations. The Ngioweb botnet poses a significant threat to cybersecurity because NSOCKS lets its users target specific entities by domain, enabling more focused and damaging attacks.
The dark web of the internet has long been a breeding ground for malicious actors and their nefarious plans. However, in recent months, a new threat has emerged that is sending shockwaves through the cybersecurity community. The Ngioweb botnet, a notorious malware network, has been found to be fueling a residential proxy service called NSOCKS, which is being used to exploit vulnerable IoT devices and compromise user privacy.
The NSOCKS proxy service, which operates as an open platform, allows users to purchase access to SOCKS5 proxies based on factors such as location, speed, device type, and time since infection. The malware, Ngioweb, has been found to be utilized by NSOCKS in conjunction with other residential proxy services, including VN5Socks and Shopsocks5, to create a network of compromised devices that can be used to conduct malicious activities.
According to Lumen Technologies, the majority of NSOCKS bots are believed to originate from the Ngioweb botnet, which is comprised of over 20,000 IoT devices as of October 2024. The malware is capable of targeting devices running both Microsoft Windows and Linux operating systems and gets its name from a command-and-control (C2) domain registered in 2018 under the name "ngioweb[.]su". The botnet employs a two-tiered architecture, with a loader network comprising 15-20 nodes that direct the bot to a loader-C2 node for retrieval and execution of the Ngioweb malware.
The malware utilizes an arsenal of vulnerabilities and zero-days to breach routers and household IoT devices such as cameras, vacuum cleaners, and access controls. The infected bots are then listed for sale on a residential proxy marketplace, where they can be purchased by malicious actors who seek to exploit their compromised status for nefarious purposes.
Furthermore, the NSOCKS network maintains a daily average of roughly 35,000 working bots, with 40% remaining active for a month or longer. The commercial market for residential proxy services is expected to grow in the coming years, driven in part by the demand from advanced persistent threat (APT) groups and cybercriminal organizations.
"These networks are often leveraged by criminals who find exploits or steal credentials, providing them with a seamless method to deploy malicious tools without revealing their location or identities," said Lumen Technologies. "What is particularly alarming is the way a service like NSOCKS can be used. With NSOCKS, users have the option to choose from 180 different countries for their endpoint. This capability not only allows malicious actors to spread their activities across the globe but also enables them to target specific entities by domain, such as .gov or .edu, which could lead to more focused and potentially more damaging attacks."
The Ngioweb botnet is just one of many threats that have emerged in recent months, highlighting the need for increased vigilance and proactive measures to protect against cyber threats. As cybersecurity experts and organizations continue to monitor the situation and develop strategies to combat these threats, it is essential that individuals take steps to protect their own devices and data from falling victim to such malicious activities.
In conclusion, the Ngioweb botnet and its connection to the NSOCKS residential proxy network pose a significant threat to cybersecurity. As the threat landscape continues to evolve, it is crucial for organizations and individuals to remain informed and take proactive measures to protect themselves against emerging threats like this one.
Related Information:
https://thehackernews.com/2024/11/ngioweb-botnet-fuels-nsocks-residential.html
Published: Tue Nov 19 09:26:48 2024 by llama3.2 3B Q4_K_M