Home internet has become a cover for attacks.
More and more criminals in the digital underground are turning to so-called residential proxy networks, transforming everyday internet traffic into a reliable shield for their operations. This tactic makes malicious activity virtually indistinguishable from the actions of ordinary users, significantly complicating the work of threat detection systems.
Previously, cybercriminals preferred to use bulletproof hosting — providers that offer servers with no questions asked, ignoring complaints and refusing to hand over client data. However, under pressure from international investigations and a series of arrests related to these services, many criminals began to look for new ways to hide.
According to participants at the Sleuthcon conference, there is a clear shift in interest from traditional hosting to specialized VPN services and proxy networks that allow IP address rotation and combine traffic from different users into a single stream. Industry experts noted that the main problem is the inability to distinguish “bad” traffic from “good” within such networks — the very structure of proxies makes users indistinguishable.
Residential proxies play a special role in this strategy. These are decentralized nodes that run on household devices: old phones, laptops, smart gadgets. They provide “real” IP addresses belonging to residential or office premises, which earns trust from security systems, so such traffic is much harder to block or track. Criminals increasingly use these residential networks, especially when the networks let them operate from the same IP ranges as employees of targeted companies. This makes attacks invisible to standard filters and monitoring systems.
Proxy technology is nothing new in the criminal world. As early as 2016, the U.S. Department of Justice pointed to the difficulties in investigating the Avalanche cybercriminal platform due to its fast-flux hosting — a scheme in which IP addresses constantly change thanks to proxies. But the fact that such services are now widely sold as semi-legal products indicates a qualitative shift in cybercrime infrastructure.
Proxy networks no longer require criminals to configure them manually — everything is pre-packaged and sold as a service. Such solutions often operate blindly: they don’t log data, don’t track clients, and aggregate the traffic of hundreds of devices, making the work of law enforcement much more difficult.
There is no clear solution to this phenomenon yet. Authorities can try to shut down known proxy providers, as they have done with hosting services, but the technology itself is too deeply rooted in the everyday internet infrastructure. Even eliminating one malicious service doesn’t solve the problem — the network remains, and it will continue to be used for both legitimate and criminal purposes.
While proxies remain an important tool for digital freedom, they simultaneously serve as a reliable mask for cyber threats — hiding attacks, espionage activities, and the spread of malware within streams of residential IP addresses.