Aisuru botnet shifts from DDoS to residential proxies
6 months ago
- #AI
- #cybersecurity
- #botnet
- Aisuru botnet has shifted from DDoS attacks to renting infected IoT devices to proxy services for cybercriminal anonymity.
- Aisuru has infected over 700,000 IoT devices, including routers and security cameras, and launched record-breaking DDoS attacks.
- The botnet's DDoS attacks have disrupted U.S. ISPs, causing significant operational impacts due to high outbound traffic volumes.
- Aisuru's operators updated their malware to support residential proxy services, enabling cybercriminals to anonymize traffic for data harvesting and AI projects.
- Proxy services like IPidea and Luminati have seen exponential growth, with some networks offering millions of residential proxies for rent.
- Scrapers collecting AI training data increasingly use residential proxies to evade detection, overwhelming public resources and increasing bandwidth costs.
- Reddit sued proxy providers like Oxylabs for enabling mass scraping of its platform, despite efforts to block such activity.
- The FBI warned about the BADBOX 2.0 botnet, which compromised millions of IoT devices for ad fraud and other cybercrimes.
- Aisuru's malware includes a query for the domain fuckbriankrebs[.]com, possibly as a taunt, but that query provides limited visibility into the botnet's size.
- Experts highlight the lack of security in IoT devices, driven by market competition and low consumer prices, making them easy targets for botnets.