How US Shut Russian Botnet RSOCKS That Hacked Millions Of IoT Devices

As per the US Department of Justice (DoJ), the botnet’s specialty was giving cover for large-scale credential-stuffing attacks by giving clients access to the IP addresses of these nodes for proxy purposes. 

How RSOCKS Conducted Cyberattacks?

Using a web-based “storefront” users were able to rent access to a set of proxies for a specific duration. The prices for these services ranged from $30 per day for accessing 2,000 proxies to $200 per day for access to 90,000 proxies.

"The customer could then route malicious internet traffic through the compromised victim devices to mask or hide the true source of the traffic," according to the DoJ's statement. 

"It is believed that the users of this type of proxy service were conducting large-scale attacks against authentication services, also known as credential stuffing, and anonymizing themselves when accessing compromised social media accounts, or sending malicious email, such as phishing messages."

How Was The Botnet Dismantled?

The DoJ joined forces with law enforcement in Germany, the Netherlands, and the UK to “dismantle” the botnet. The FBI investigators used a simple tactic of buying access to RSOCKS to infiltrate and identify its back-end infrastructure and the victims of the botnet. The undercover operation started back in 2017 and identified around 325,000 compromised devices across the world.

The case was handled by the FBI and prosecuted by Assistant U.S. Attorney Jonathan I. Shapiro of the Southern District of California and Ryan K.J. Dickey, Senior Counsel for the Department of Justice Criminal Division’s Computer Crimes and Intellectual Property Section.

Back in September 2020, FBI Director Christopher Wray announced that the FBI will be building a new strategy to curb cyberattacks. The strategy emphasizes imposing risk and consequences on cyber adversaries via the FBI’s unique authorities and partnerships. Cyberattack victims are encouraged to report the incident online with the Internet Crime Complaint Center (IC3).

IoT Sector Could See Rise In Cyberattacks

With rising cyberattacks against IoT devices, threat researchers are concerned and warned companies to ensure their devices have processes in place to defend them against such attacks. Previously, threat intelligence company Intel 471 said a rise in attacks on IoT devices in the last two years has led to the theft of confidential information and creation of massive botnets for taking out distributed denial-of-service (DDoS) attacks. 

The firm also noticed malware codebases Mirai and Gafgyt being used to infect connected devices. The threat is only meant to grow in 2022 as cybercriminals have shifted their focus to more lucrative motives, according to Michael DeBolt, chief intelligence officer for Intel 471.

"As IoT devices become more and more commonplace, and industries increase their dependency on these devices for their uptime and operations ... we expect to see the shift to targeted ransomware and IoT botnet operators working with access merchants to identify potential targets," he says.