Dutch police dismantle massive botnet controlling 17 million infected devices

A proxy botnet of 17 million devices has been taken offline following a successful operation by the Dutch National Police and the National Cyber Security Centre (NCSC). The hackers made it seem as if cyberattacks were coming from legitimate consumers rather than criminals.
- Dutch police dismantled a proxy botnet controlling 17 million infected routers, smartphones, and IoT devices operated through over 200 servers.
- The botnet used home devices with trusted IP addresses to hide DDoS attacks, phishing, credential stuffing, and malware distribution from detection.
- Routers, smartphones, and IoT devices are favored because their residential IPs are trusted more than data center or VPN traffic.
According to authorities, more than 200 servers controlled millions of infected devices, including computers, tablets, and smartphones, to carry out cyberattacks.
The Dutch National Police seized several botnet servers from a hosting provider. In addition, the hosting provider took the botnet offline because it was being used for criminal activities.
The cybersecurity agency states that consumer equipment, such as a router, smartphone, or internet-connected IoT device, is a favorite target for cybercriminals. Infected devices used in this way are known as ‘residential proxies.’
A residential proxy is an intermediary for internet traffic that uses the IP address of a private internet user. These IP addresses are assigned to consumer devices by internet providers or manufacturers of IoT equipment. Therefore, they are registered as ‘residential’ in IP databases.
When a residential proxy is used, the proxy customer’s internet traffic is routed through the device and network connection of a home user. As a result, the traffic appears to originate from an ordinary consumer rather than from an automated system or server belonging to whoever actually sent it.
A third party can purchase and deploy a network of residential proxies as a service. In some cases, these third parties are cybercriminals. As a consequence, residential proxy networks can be used for illegal activities, including DDoS attacks, phishing and spam campaigns, credential stuffing and brute-force attacks, and malware distribution.
Because residential proxies use trusted IP addresses, malicious activity routed through them is much harder to detect or block. Many security systems and websites treat traffic from residential IPs with more trust than traffic from data centers or anonymous VPNs.
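The following is an added example, not code from the article or from the Dutch police or NCSC, showing why IP reputation alone fails against residential proxies. It runs a naive reputation filter and a behavioural credential-stuffing detector over a constructed login log; the IP reputation table, the log format, and the field names are all assumptions made for the demonstration.

```python
"""Detecting credential stuffing through residential proxies.

A naive control blocks data-center IPs. Attackers who relay through
residential proxies pass that check, so the detector below ignores the
IP's origin and looks at behaviour instead: an IP that tries several
distinct accounts within a short window and never succeeds.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed stand-in for a commercial IP reputation database (not real data).
IP_REPUTATION = {
    "198.51.100.10": "datacenter",
    "203.0.113.5": "residential",
    "203.0.113.6": "residential",
    "203.0.113.7": "residential",
    "203.0.113.8": "residential",
    "192.0.2.44": "residential",
}

# Constructed login audit log in a hypothetical format. One data-center host
# sprays four accounts; four residential-proxy IPs each spray three accounts;
# one genuine user (alice) mistypes her password once and then logs in.
SAMPLE_LOG = """\
2024-05-01T10:00:00 ip=198.51.100.10 user=alice result=fail
2024-05-01T10:00:01 ip=198.51.100.10 user=bob result=fail
2024-05-01T10:00:02 ip=198.51.100.10 user=carol result=fail
2024-05-01T10:00:03 ip=198.51.100.10 user=dave result=fail
2024-05-01T10:01:00 ip=203.0.113.5 user=erin result=fail
2024-05-01T10:01:20 ip=203.0.113.5 user=frank result=fail
2024-05-01T10:01:40 ip=203.0.113.5 user=grace result=fail
2024-05-01T10:02:00 ip=203.0.113.6 user=heidi result=fail
2024-05-01T10:02:20 ip=203.0.113.6 user=ivan result=fail
2024-05-01T10:02:40 ip=203.0.113.6 user=judy result=fail
2024-05-01T10:03:00 ip=203.0.113.7 user=mallory result=fail
2024-05-01T10:03:20 ip=203.0.113.7 user=oscar result=fail
2024-05-01T10:03:40 ip=203.0.113.7 user=peggy result=fail
2024-05-01T10:04:00 ip=203.0.113.8 user=trent result=fail
2024-05-01T10:04:20 ip=203.0.113.8 user=victor result=fail
2024-05-01T10:04:40 ip=203.0.113.8 user=walter result=fail
2024-05-01T10:05:00 ip=192.0.2.44 user=alice result=fail
2024-05-01T10:05:30 ip=192.0.2.44 user=alice result=ok
"""

LOG_RE = re.compile(
    r"^(?P<ts>\S+) ip=(?P<ip>\S+) user=(?P<user>\S+) result=(?P<result>ok|fail)$"
)


def parse_log(text):
    """Parse log lines into sorted (timestamp, ip, user, success) tuples."""
    events = []
    for line in text.splitlines():
        m = LOG_RE.match(line.strip())
        if not m:  # skip malformed lines rather than crash on them
            continue
        events.append(
            (datetime.fromisoformat(m["ts"]), m["ip"], m["user"], m["result"] == "ok")
        )
    return sorted(events)


def flag_by_reputation(events, reputation=IP_REPUTATION):
    """Naive control: flag every IP that is not classified as residential."""
    return {ip for _, ip, _, _ in events if reputation.get(ip, "unknown") != "residential"}


def flag_by_behaviour(events, window=timedelta(minutes=5), min_users=3):
    """Flag IPs that hit >= min_users distinct accounts inside `window` with no success."""
    by_ip = defaultdict(list)
    for ev in events:
        by_ip[ev[1]].append(ev)
    flagged = set()
    for ip, evs in by_ip.items():
        for i, (t_end, _, _, _) in enumerate(evs):
            # Sliding window ending at this event (events are already sorted by time).
            recent = [e for e in evs[: i + 1] if e[0] >= t_end - window]
            users = {e[2] for e in recent}
            if len(users) >= min_users and not any(e[3] for e in recent):
                flagged.add(ip)
                break
    return flagged


def evaded_reputation_filter(events):
    """IPs the behavioural detector catches but the reputation filter lets through."""
    return flag_by_behaviour(events) - flag_by_reputation(events)


if __name__ == "__main__":
    evs = parse_log(SAMPLE_LOG)
    print("reputation filter flags:", sorted(flag_by_reputation(evs)))
    print("behaviour detector flags:", sorted(flag_by_behaviour(evs)))
    print("missed by reputation only:", sorted(evaded_reputation_filter(evs)))
```

The reputation filter catches only the data-center host; the four residential-proxy IPs pass it and are caught only by the behavioural rule, while alice’s genuine retry from her own residential IP is not flagged because she touched a single account and eventually succeeded. In production the threshold and window would be tuned against real traffic, and a single household behind one IP can legitimately show a few distinct usernames, so the rule is a signal to combine with others rather than a standalone block list.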
To prevent your device from becoming a part of a botnet, the Dutch authorities recommend keeping your operating systems and devices up to date so that known security vulnerabilities are patched. They also advise using only strong and unique passwords and enabling two-factor authentication (2FA).
Furthermore, software and apps should only be downloaded from trusted sources, and suspicious links or attachments should not be opened. Lastly, use antivirus or security software, and check regularly which devices are connected to your network.