VOLATILE NETWORKS AS A SOURCE OF DENIAL OF SERVICE
in Weaponizing proxy and VPN providers
– How to use expendable IP networks to conduct DDoS attacks
19 September 2023
Denial of service attacks and web scraping services share a common requirement: access to a large number of IP addresses to bypass detection. When IP addresses are known to conduct malicious activities, providers add them to the filters that make up their firewall defenses and block them.
Access to new and clean IP addresses is key to avoiding detection, which is largely based on historical threat intelligence data, also known as “IP reputation”.
This report shows how Qurium discovered dozens of these “clean networks” and how they were used to launch DDoS attacks against Nacionale (Kosovo), Somali Journalist Syndicate (Somalia) and Turkmen News (Turkmenistan) during August 2023.
But most importantly, this report shows how very little is done to stop this form of abuse, and how hundreds of volatile networks are traded without proper abuse remediation.
IXPO – the common denominator
Qurium’s report “RayoByte infrastructure enabling DDoS attacks” revealed that a large part of the attack traffic originated from Sprious LLC, and the report “Infrastructure of VPN providers is used to launch DDoS attacks” traced other parts of the attack to VPN providers. This report focuses on the remaining part of the attack traffic.
During the investigation, Qurium studied the most active network prefixes, with a special focus on their upstream providers.
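A site operator can produce the same kind of ranking, most active prefixes grouped by upstream provider, from their own logs. The following is an added example and not Qurium's tooling: the routing snapshot, source addresses and function names are constructed for illustration, using documentation IP ranges and documentation ASNs.

```python
import ipaddress
from collections import Counter

# Constructed routing snapshot: announced prefix -> upstream ASN.
# RFC 5737 documentation prefixes and RFC 5398 documentation ASNs, not real networks.
ROUTES = {
    "192.0.2.0/24": 64496,
    "198.51.100.0/24": 64496,
    "198.51.100.128/25": 64497,  # more-specific announcement via another upstream
    "203.0.113.0/24": 64498,
}

# Constructed source addresses, as they might be extracted from web server logs.
SOURCES = [
    "192.0.2.10", "192.0.2.11", "192.0.2.12",
    "198.51.100.5", "198.51.100.200", "198.51.100.201",
    "203.0.113.7", "10.1.2.3", "not-an-ip",
]

def build_table(routes):
    """Parse prefixes once, most specific first, so the first hit is the longest match."""
    table = [(ipaddress.ip_network(p), asn) for p, asn in routes.items()]
    return sorted(table, key=lambda e: e[0].prefixlen, reverse=True)

def lookup(table, addr):
    """Return (prefix, upstream ASN) for addr, or None if no prefix covers it."""
    for net, asn in table:
        if addr.version == net.version and addr in net:
            return str(net), asn
    return None

def rank(sources, routes):
    """Count requests per announced prefix and per upstream; keep unmatched input."""
    table = build_table(routes)
    per_prefix, per_upstream, unmatched = Counter(), Counter(), []
    for raw in sources:
        try:
            hit = lookup(table, ipaddress.ip_address(raw))
        except ValueError:  # malformed log field
            hit = None
        if hit is None:
            unmatched.append(raw)
            continue
        per_prefix[hit[0]] += 1
        per_upstream[hit[1]] += 1
    return per_prefix, per_upstream, unmatched

if __name__ == "__main__":
    print(*rank(SOURCES, ROUTES), sep="\n")
```

Matching on the longest prefix matters here: a /25 announced through a different upstream than its covering /24 would otherwise be credited to the wrong provider.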
https://www.qurium.org/weaponizing-proxy-and-vpn-providers/volatile-networks/