Google’s disruption rips millions of devices out of malicious network
https://cyberscoop.com/ipidea-proxy-network-disrupted-google-lumen/
Publish Date: 2026-01-30 10:38:00
Source Domain: cyberscoop.com
Millions of devices used as proxies by cybercriminals, espionage groups and data thieves have been removed from circulation following Google’s disruption of IPIDEA, a China-based residential proxy network. The reduction in available proxy devices came after Google’s Threat Intelligence Group used legal action and intelligence sharing to target the company’s domain infrastructure, Google said in a blog post Wednesday.
Google’s action, aided by Cloudflare, Lumen’s Black Lotus Labs and Spur, impaired some of IPIDEA’s proxy infrastructure, but not all of it. The coordinated strikes against malicious infrastructure underscore the back-and-forth struggle threat hunters confront when they take out pieces of cybercriminals’ vast and growing infrastructure.
Initial data indicates IPIDEA’s proxy network was cut by about 40%.
“We have still seen around 5 million distinct bots communicating with the IPIDEA command and control servers, so as of now they are still able to operate with a large volume of proxies,” Chris Formosa, senior lead information security engineer at Lumen Technologies’ Black Lotus Labs, told CyberScoop Thursday.
Lumen was tracking a daily average of about 8.5 million proxies connecting to IPIDEA’s servers before some of its domains were taken offline this week. “The true population was likely closer to 10-11 million, but we could only see 8.5 million of them with our visibility,” Formosa said.
Google researchers discovered a cluster of seemingly independent proxy and virtual private network brands controlled by IPIDEA. Google also found several IPIDEA-owned domains supporting software development kits for residential proxies, which are embedded into existing applications.
Developers who add these SDKs to their apps are paid by IPIDEA, typically on a per-download basis. “These SDKs are the key to any residential proxy network—the software they get embedded into provides the network operators with the…