Unveiling Global Cyber Attacks: How Proton66, a Russian Bulletproof Host, is Manipulated by Hackers for Malware Distribution
block of Proton66 has been linked to broad spectrum attacks, including phishing campaigns, ransomware attacks, DDoS strikes and malware dissemination,” read the report.
A Dedicated Cybercrime Enabler
Based in Russia, Proton66 has earned notoriety in the cybersecurity industry as a hosting provider for malicious actors and cybercriminals.
The provider offers bulletproof hosting, a service that intentionally overlooks or fails to take action against the nefarious activities of its customers.
Bulletproof hosts make ideal platforms for cybercriminals to carry out illegal activities by offering anonymity and a degree of immunity from law enforcement.
The Alarming Cyber Activity
Trustwave SpiderLabs has tracked and documented an alarming volume of cyber activities linked to Proton66’s net block.
These activities ranged from mass scanning and credential brute-forcing to sophisticated exploitation attempts.
These findings raise critical concerns about the global reach and impact of Proton66-hosted attacks.
Phishing Campaigns and Ransomware Attacks
The researchers revealed a concrete link between Proton66, phishing campaigns, and ransomware attacks.
The phishing campaigns deliver malware hidden in legitimate-looking emails or websites.
Once a victim clicks on the obscured link, the ransomware is downloaded and executed, locking their files until a ransom is paid.
DDoS Strikes and Malware Dissemination
Trustwave also noted a marked increase in distributed denial-of-service (DDoS) attacks.
These strikes are designed to overwhelm server, network, or application resources and cause downtime or slowdowns.
Importantly, these attacks often serve as a smoke screen for other, more insidious activities, such as data breaches and malware dissemination.
Best Practices to Mitigate Risks
Organizations can mitigate the risks associated with these cyber activities by implementing various measures.
Frequent employee training on the latest phishing and malware techniques is crucial.
Additionally, organizations need to adopt multi-factor authentication to protect against brute-force attacks, and to strengthen their intrusion detection systems.
Regular audits, patching, and updates of security systems and software are also necessary to address potential vulnerabilities promptly.