Bulletproof Proxy Networks Target Retail and Financial Web Applications, Mobile Endpoints

New findings from Cequence Security’s CQ Prime research team uncover the use of Bulletproof Proxy networks by bad actors to launch automated bot attacks against web applications.

“Bulletproof Proxies: The Evolving Cybercriminal Infrastructure” details how bulletproof proxy providers’ networks include millions of globally distributed IP addresses that are marketed under the guise of legitimate business use. Bad actors are using the networks for attacks such as fake account creation, BEC/romance scams, content scraping, VIP fraud, and ad fraud/click fraud. Traffic generated by bulletproof proxy networks is able to blend in with legitimate users by using geographic locations that match the user base of the target site.

Snapshot of a Bulletproof Proxy Network Provider:  

Using an affordable Bulletproof Proxy package ($75 per month), the CQ Prime team sent requests across more than 853,000 IPs, distributed across 218 different countries. This represents nearly 10% of the provider’s advertised network of 10 million rotating residential IP addresses. Some of the most robust providers advertise networks larger than 32 million proxies. Among the findings:

  • Financial sector (US-based companies): a 518.1% increase in traffic from United States residential Bulletproof Proxies was observed between May 2019 and July 2019.
  • Retail sector (US-based companies): roughly an 800% increase in traffic from United States residential Bulletproof Proxies was observed.
  • Campaign Statistics: More than 70% of the attack traffic observed across the Bulletproof Proxy network targeted mobile application endpoints and spoofed mobile applications.
  • In the financial sector, roughly 79% of the attacks targeted mobile endpoints, while 19.5% spoofed web browsers (predominantly Chrome) and the remaining 1.5% used command-line tools.
  • In the retail sector, roughly 68% spoofed mobile apps, while 22% used command-line tools and 10% imitated various web browsers. 

“A distributed botnet of around 30,000 bots can rake in an easy $26,000/mo in revenue for the cybercriminals. Spam advertising with 10,000 bots rakes in approximately $300,000/mo, and bank fraud with 30,000 bots can generate over $18 Mn a month. Being in business as a botmaster is unarguably lucrative, so networks such as these Bulletproof Proxies and the continued investigations that CQ Prime will do in this shadow economy fill a critical gap in the counterintelligence efforts that are so crucial to defenders,” said Alissa Knight, Senior Analyst with Aite Group.
