Residential Proxies Compromise IP Reputation Systems in Cyber Attacks

Severity: High (Score: 67.0)

Sources: Greynoise, Bleepingcomputer

Summary

A recent analysis by GreyNoise revealed that residential proxies are being used to evade IP reputation checks in 78% of 4 billion malicious sessions observed over a three-month period. These proxies, often originating from compromised devices, make it difficult for security systems to distinguish between legitimate users and attackers. Approximately 39% of malicious sessions come from these residential IPs, which are typically used for fewer than three sessions before the proxy rotates. The study indicates that 89.7% of residential IPs are involved in malicious activities for less than a month. Major contributors to this issue include networks from China, India, and Brazil, with traffic patterns reflecting human usage, dropping significantly at night. The research highlights the ineffectiveness of traditional IP reputation systems against the rapid rotation of these proxies. Notably, the Google Threat Intelligence Group recently disrupted one of the largest residential proxy networks, IPIDEA, which had millions of active proxies. However, the disruption led to an increase in datacenter traffic, suggesting that demand for such proxies remains high. The findings emphasize the need for new detection strategies beyond IP reputation.

Key Points

  • 78% of malicious sessions evade detection by IP reputation systems due to residential proxies.
  • Residential IPs are often used briefly, complicating threat detection and response.
  • Major disruptions to proxy networks result in quick regeneration of malicious traffic.
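The summary's central point is that a reputation list built from yesterday's malicious IPs catches little of today's traffic when the source is a rotating residential pool, while a static datacenter host stays on the list. The following is an added example, not code from GreyNoise or the cited articles: it replays a small set of constructed session records (RFC 5737 documentation addresses, an assumed "timestamp ip network-type verdict" format) against a reputation list seeded from the previous day, reports the catch rate per network type, and measures how many residential IPs were used for fewer than three sessions, the rotation behaviour the summary describes.

```python
from collections import Counter, defaultdict
from datetime import datetime, timezone

# Constructed sample sessions (not real traffic), one per line:
# "<timestamp> <ip> <network-type> <verdict>". Addresses are from the
# RFC 5737 documentation ranges; the format itself is an assumption.
SAMPLE_LOG = """
# day 1: confirmed malicious sessions, used to seed the reputation list
2025-01-01T02:10:00Z 203.0.113.7 datacenter malicious
2025-01-01T02:11:00Z 203.0.113.7 datacenter malicious
2025-01-01T09:00:00Z 198.51.100.21 residential malicious
2025-01-01T09:20:00Z 198.51.100.22 residential malicious
2025-01-01T09:25:00Z 198.51.100.22 residential malicious
2025-01-01T10:00:00Z 198.51.100.23 residential malicious
2025-01-01T11:00:00Z 192.0.2.50 residential benign
# day 2: the residential pool has rotated; the datacenter host has not
2025-01-02T02:12:00Z 203.0.113.7 datacenter malicious
2025-01-02T09:05:00Z 198.51.100.31 residential malicious
2025-01-02T09:30:00Z 198.51.100.32 residential malicious
2025-01-02T09:31:00Z 198.51.100.32 residential malicious
2025-01-02T10:10:00Z 198.51.100.22 residential malicious
2025-01-02T10:40:00Z 198.51.100.33 residential malicious
2025-01-02T11:00:00Z 192.0.2.51 residential benign
"""

# Boundary between the "history" used to build reputation and the traffic replayed against it.
DAY2 = datetime(2025, 1, 2, tzinfo=timezone.utc)


def parse_sessions(text):
    """Parse session lines into dicts; blank lines and '#' comments are skipped."""
    sessions = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        ts, ip, net_type, verdict = line.split()
        sessions.append({
            "ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc),
            "ip": ip,
            "net_type": net_type,
            "malicious": verdict == "malicious",
        })
    return sessions


def build_reputation_list(sessions, cutoff):
    """Traditional IP reputation: every IP confirmed malicious before `cutoff`."""
    return {s["ip"] for s in sessions if s["malicious"] and s["ts"] < cutoff}


def evaluate_blocklist(sessions, blocklist, cutoff):
    """Replay malicious sessions at or after `cutoff` against the list.

    Returns overall totals plus a per-network-type breakdown so the gap
    between rotating residential IPs and static datacenter IPs is visible.
    """
    stats = defaultdict(lambda: {"malicious": 0, "caught": 0})
    for s in sessions:
        if s["ts"] < cutoff or not s["malicious"]:
            continue
        bucket = stats[s["net_type"]]
        bucket["malicious"] += 1
        if s["ip"] in blocklist:
            bucket["caught"] += 1
    total = sum(b["malicious"] for b in stats.values())
    caught = sum(b["caught"] for b in stats.values())
    return {
        "total": total,
        "caught": caught,
        "catch_rate": caught / total if total else 0.0,
        "by_type": dict(stats),
    }


def malicious_sessions_per_ip(sessions, net_type=None):
    """Count malicious sessions per IP, optionally restricted to one network type."""
    return Counter(
        s["ip"] for s in sessions
        if s["malicious"] and (net_type is None or s["net_type"] == net_type)
    )


def short_lived_fraction(per_ip, max_sessions=3):
    """Fraction of IPs that were used for fewer than `max_sessions` malicious sessions."""
    if not per_ip:
        return 0.0
    return sum(1 for n in per_ip.values() if n < max_sessions) / len(per_ip)


if __name__ == "__main__":
    sessions = parse_sessions(SAMPLE_LOG)
    reputation = build_reputation_list(sessions, DAY2)
    result = evaluate_blocklist(sessions, reputation, DAY2)
    print(f"reputation list size: {len(reputation)}")
    print(f"day-2 malicious sessions caught: {result['caught']}/{result['total']}")
    for net_type, b in result["by_type"].items():
        print(f"  {net_type}: {b['caught']}/{b['malicious']}")
    residential = malicious_sessions_per_ip(sessions, "residential")
    print(f"residential IPs used for <3 sessions: {short_lived_fraction(residential):.0%}")
```

In the constructed data the list built from day 1 catches the single datacenter session on day 2 but only one of five residential sessions, because four of the five residential IPs had never been seen before; five of the six residential IPs are used for fewer than three sessions in total. Scaling the same replay over a real session store is a direct way to measure how much a reputation feed is actually worth against a given traffic mix before investing in detection signals that do not depend on the source address.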

Key Entities

  • Credential Stuffing (attack_type)
  • Worm (attack_type)
  • Brazil (country)
  • China (country)
  • India (country)
  • Iran (country)
  • Russia (country)
  • T1021 - Remote Services (mitre_attack)
  • T1046 - Network Service Discovery (mitre_attack)
  • T1110 - Brute Force (mitre_attack)
  • Linux (platform)
  • 5Socks (tool)
  • AnyProxy (tool)
  • Ipidea Residential Proxy Network (tool)