8/2 (Wed.) 15:40 - 16:20
Hall A
Tech Briefing
Open Proxies and Cyber Espionage: Understanding the Threat Landscape and Mitigating Risks
1. Introduction
- Increase in open proxy usage by nation-sponsored threat actors
- Attack campaigns utilizing open proxies for data exfiltration, DDoS, cryptomining, etc.
2. Impact of COVID-19 on the Threat Landscape
- Remote work environment challenges in enforcing security policies and patching
- Increased vulnerability of internet-facing servers and devices
3. State-Sponsored Threat Actors
- Fancy Bear, Ocean Lotus, Lazarus, etc.
- Targeting specific vulnerabilities of internet-facing systems
- Maximizing attack capabilities and gathering initial footholds for cyber espionage
4. Utilization of Open Proxies
- Proxy chains used by threat actor groups
- Anonymity and effectiveness in carrying out attacks
- Dark web sources of proxy chain details
5. Common Intrusion Scenario: Proxychains
- Understanding the concept and potential risks
- Techniques employed by threat actors
6. Providers of Open Proxy Servers
- Identification of entities providing open proxies to nation-sponsored threat actors
7. Recommended Actions for Organizations
- Awareness and detection of open proxy usage
- Implementing robust security measures
- Regular patching and policy enforcement
- Monitoring and response strategies
In this research paper, we delve into the alarming rise of open proxy usage by nation-sponsored threat actors in cyber espionage campaigns. We explore the impact of the COVID-19 pandemic on organizations' security posture and how it has contributed to increased vulnerability. We analyze state-sponsored threat actor groups and their utilization of open proxies, focusing on examples such as Fancy Bear, Ocean Lotus, and Lazarus. Additionally, we provide insights into the common intrusion scenario known as Proxychains and discuss the providers of open proxy servers utilized by these threat actors. Lastly, we offer recommended actions that organizations should consider to mitigate the risks posed by open proxies and bolster their security defenses.