Proxyjacking for Profit: The Latest Cybercriminal Side Hustle


In our hyper-connected digital realm, the Linux community shines as a bastion of innovation, security, and collaboration. Yet, the ever-evolving cyber threat landscape introduces new challenges almost daily. One such rising menace is 'proxyjacking for profit', where attackers hijack a user's bandwidth to make money, marking a shift from merely stealing data or resources to covertly profiting from a user's internet connection.

At its core, proxyjacking for profit means attackers breach a system to monetize its bandwidth. With the expansive reach of Linux deployments, from personal gadgets to vast enterprise servers, the ecosystem becomes an enticing ground for such malevolent endeavors. The stealthy nature of these attacks makes them both elusive and challenging to counter.

My talk will begin with an in-depth examination of proxies, moving from their legitimate uses to their sinister applications. Drawing comparisons with the well-understood cryptojacking, we will demystify proxyjacking's complexities. Spotlighting real-world cases targeting Linux will further underscore the immediacy and magnitude of this threat.

While proxies offer numerous advantages to genuine users, they are a double-edged sword that also benefits attackers. The growing number of proxied attacks shows that attackers are incentivized to use, or even establish, their own proxy networks. In the case of proxyjacking for profit, this drive stems from firms offering ongoing affiliate payouts for bandwidth usage, predominantly in residential domains. While these firms typically operate legitimately, attackers see this as an avenue for continuous, passive income, exploiting victim devices to sell bandwidth.

This talk will discuss the emergence of these campaigns and take a deep dive into one of the very first of its kind, a campaign that my team and I discovered within our honeypots that abused weak SSH credentials. These attacks closely mirror cryptojacking campaigns, both in motive and tactics, but they possess a few key differences that make them harder to detect.

Our goal is to shed light on this emerging threat, share our findings, and discuss ways to protect against it. We want to make sure the Linux community is aware and prepared.

Room 101
Saturday, March 16, 2024 - 12:30 to 13:30