
Criminal Proxy Network 'Stark Industries' Exploits Outdated IoT Devices

Stark Industries' network of over 80,000 active proxies each week highlights the threat of outdated IoT devices. Proactive monitoring and device replacement are crucial.


A criminal proxy network, dubbed 'Stark Industries Solutions', has been uncovered exploiting outdated IoT and end-of-life (EoL) devices. The network, linked to a Russian internet service provider, operates in more than 80 countries with an average of 1000 active proxies each week.

The network's infrastructure, primarily based in Turkey, consists of five servers. One server silently collects data using UDP, while the rest provide temporary, unauthenticated access to infected devices. This access is used for malicious activities such as ad fraud and DDoS attacks.

The highest concentration of infected devices is in the US, followed by Ecuador and Canada. Only about 10% of these proxies are flagged as malicious by tools like VirusTotal, indicating a significant underestimation of the network's scale.

Black Lotus Labs, the security team that discovered the network, continues to share intelligence with global partners. They urge proactive monitoring of similar networks to prevent further exploitation. Lumen and law enforcement partners have successfully disrupted the network's command-and-control infrastructure by null routing traffic.

Security professionals recommend monitoring for abnormal login attempts, blocking known open proxy addresses, and replacing end-of-life devices to protect against such networks. The discovery of Stark Industries Solutions serves as a reminder of the persistent threat posed by criminal proxy networks exploiting outdated devices.
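Because only about 10% of these proxies are flagged by reputation tools, a blocklist match alone misses most of them, so it helps to pair it with a behavioural check on login traffic. The following is an added example, not code from the article or from Black Lotus Labs; the log format, thresholds, blocklist and addresses are constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Constructed blocklist: RFC 5737 documentation range, not a real indicator.
KNOWN_OPEN_PROXIES = [ipaddress.ip_network("203.0.113.0/28")]

# Constructed auth log, assumed format: "<timestamp> <source_ip> <user> <OK|FAIL>".
SAMPLE_AUTH_LOG = """\
2025-01-10T09:00:01Z 203.0.113.5 alice FAIL
2025-01-10T09:00:07Z 198.51.100.23 alice FAIL
2025-01-10T09:00:09Z 198.51.100.23 bob FAIL
2025-01-10T09:00:12Z 198.51.100.23 carol FAIL
2025-01-10T09:00:15Z 198.51.100.23 dave FAIL
2025-01-10T09:01:30Z 192.0.2.10 erin FAIL
2025-01-10T09:01:41Z 192.0.2.10 erin OK
this line is malformed and is skipped
"""

def triage_logins(log_text, min_users=3, min_fail_ratio=0.8):
    """Return {source_ip: [reasons]} for sources that deserve review."""
    stats = defaultdict(lambda: {"users": set(), "fail": 0, "total": 0})
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4 or parts[3] not in ("OK", "FAIL"):
            continue  # ignore lines that do not match the assumed format
        _, src, user, result = parts
        try:
            ipaddress.ip_address(src)
        except ValueError:
            continue  # source field is not an IP address
        entry = stats[src]
        entry["users"].add(user)
        entry["total"] += 1
        entry["fail"] += result == "FAIL"

    findings = {}
    for src, entry in stats.items():
        reasons = []
        addr = ipaddress.ip_address(src)
        if any(addr in net for net in KNOWN_OPEN_PROXIES):
            reasons.append("blocklisted_proxy")
        # One source trying many accounts and mostly failing is abnormal
        # even when no reputation feed has flagged the address yet.
        many_users = len(entry["users"]) >= min_users
        if many_users and entry["fail"] / entry["total"] >= min_fail_ratio:
            reasons.append("many_accounts_mostly_failed")
        if reasons:
            findings[src] = reasons
    return findings
```
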
