SecurityBrief UK - Technology news for CISOs & cybersecurity decision-makers
The perils of proxies: the backdoor into your data
Fri, 10th Mar 2023

Residential proxy providers promise a lot. A cursory online search shows providers guaranteeing users online anonymity, access to geo-restricted content, and faster connections than a typical virtual private network (VPN).

Businesses, too, would appear to benefit from such services: with the right proxy, companies can unlock the potential for more effective market research through web scraping, avoid geo-blocking, boost ad verification (testing, localising, and tracking where online ads appear), improve affiliate testing and SEO (using an SEO proxy to conduct competitor research and monitor domain rating) – all advantages that sound highly compelling.

However, there can be a darker side to such providers. Residential proxies can open the door to bad actors who are ready to exploit that anonymity for nefarious activities, such as ad fraud, data theft, infecting devices with malware, and credential-stuffing attacks.

So what exactly is a residential proxy, and is it safe?

The ins and outs of residential IPs

A residential proxy server acts as an intermediary between a device and a website to conceal the device’s internet protocol (IP) address. In other words, it makes internet traffic look like it is coming from a chosen exit device rather than its original source.

Residential proxies use real computers and phones connected to ordinary home internet service providers (ISPs). Exit addresses can be chosen by country, city or even ISP, and because each address belongs to a real consumer connection, they are far better at hiding the fact that a proxy is in use. Unlike data-centre or cloud IPs, which are allocated in bulk and are easy to recognise, residential IPs look believable because they are genuine subscriber addresses routed through trusted ISPs. This reduces the chance of an internet request (such as viewing a country-restricted YouTube video) being blocked.

While not inherently illegal, the way some providers build a pool of residential IPs can be alarming.

Paid services such as Bright Data and Oxylabs typically offer some kind of remuneration in exchange for access to a person's home IP address. These services use sub-companies (such as EarnApp and Honeygain) to pay people to join their network. The proxy software is distributed as software development kits (SDKs), pieces of code that are then embedded in browser extensions or apps. Some providers, such as PacketStream, buy traffic from people directly, while others, such as NetNut, contract with ISPs themselves.

Typically, services that fund their business model through paying customers are more trustworthy, since they have less incentive to resort to illicit activity that could threaten their users or reputation. Free providers, on the other hand, have to make money somehow, leading many to choose nefarious means, such as installing malware on devices and enrolling them in botnets.

Evaluating the risks

In the last two years, two major proxy services, 911[.]re and VIP72, have shut down, each with links to suspicious pay-per-install affiliate programmes, pirated software, fraudulent activity and malware-infested systems.

What's more, a systematic study of five residential proxy services (including mobile proxies), covering over 6.2 million residential IPs and profiling over 500,000 hosts, not only identified over 200,000 IoT devices that had likely been compromised to serve as proxy exits, but also found that these networks were frequently used for illicit activities such as blackhat SEO, fast-flux hosting, phishing and malware hosting.

But what does this mean in practice?

Generally, any service provider that has access to individual or business data comes with an element of risk, simply because they can be targets for hackers. However, when it comes to proxy servers, the level and nature of risk depends on the specific proxy type and server configuration.

For example, while proxies do provide anonymity, they do not guarantee security. A service may hide your IP address while simultaneously logging your identity, browsing history and web request data. Unlike a VPN, which encrypts the tunnel between the client and the VPN server, a plain HTTP or SOCKS proxy adds no encryption of its own: anything the client sends in the clear passes through the proxy readable, so the operator, or an attacker on the path, can intercept sensitive data such as usernames and passwords. Some proxies also listen as open, unauthenticated services on internet-facing ports, which poses a significant risk if they are insufficiently protected or misconfigured, since anyone can route traffic through them.
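To make the "proxies do not encrypt" point concrete, here is an added example (not code from the original article or from any proxy vendor) that parses two constructed proxy requests the way a forward proxy would and reports what the proxy operator can log from each. A plaintext HTTP request arrives in absolute-form (`POST http://host/path`) with every header and the form body readable; an HTTPS request arrives as `CONNECT host:443`, after which the proxy only relays opaque TLS bytes. The sample requests, the host `shop.example`, and the lists of sensitive header and form-field names are assumptions chosen for the illustration.

```python
"""What an HTTP forward proxy can see in traffic that passes through it."""
from __future__ import annotations

from dataclasses import dataclass, field

# Header and form-field names that, if visible to the proxy, mean the operator
# can harvest credentials or session tokens from relayed traffic (assumed list).
SENSITIVE_HEADERS = {"authorization", "cookie", "proxy-authorization"}
SENSITIVE_FIELDS = {"password", "passwd", "pwd", "token"}


@dataclass
class ProxyView:
    """Everything the proxy operator could write to a log for one request."""
    kind: str                                  # "plaintext" or "tunnel"
    destination: str                           # host[:port] the proxy connects to
    path: str | None = None                    # URL path (plaintext only)
    headers: dict = field(default_factory=dict)
    body: str = ""
    exposed: list[str] = field(default_factory=list)  # secrets readable by the proxy


def proxy_view(raw: bytes) -> ProxyView:
    """Parse a raw proxy request and return what the proxy can observe."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split("\r\n")
    method, target, _version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()

    if method.upper() == "CONNECT":
        # HTTPS: the proxy learns only host:port, then relays TLS ciphertext.
        return ProxyView(kind="tunnel", destination=target)

    # Plaintext HTTP in absolute-form: headers and body are fully readable.
    host, _, path = target.split("://", 1)[1].partition("/")
    body_text = body.decode("latin-1")
    exposed = [h for h in headers if h in SENSITIVE_HEADERS]
    for pair in body_text.split("&"):
        key = pair.split("=", 1)[0]
        if key.lower() in SENSITIVE_FIELDS:
            exposed.append(f"form:{key}")
    return ProxyView(kind="plaintext", destination=host, path="/" + path,
                     headers=headers, body=body_text, exposed=exposed)


# Constructed sample requests (not captured traffic).
PLAINTEXT_LOGIN = (
    b"POST http://shop.example/login HTTP/1.1\r\n"
    b"Host: shop.example\r\n"
    b"Cookie: session=abc123\r\n"
    b"Content-Type: application/x-www-form-urlencoded\r\n"
    b"Content-Length: 31\r\n"
    b"\r\n"
    b"username=alice&password=hunter2"
)
TLS_LOGIN = (
    b"CONNECT shop.example:443 HTTP/1.1\r\n"
    b"Host: shop.example:443\r\n"
    b"\r\n"
)

if __name__ == "__main__":
    for label, req in (("plain HTTP", PLAINTEXT_LOGIN), ("HTTPS via CONNECT", TLS_LOGIN)):
        v = proxy_view(req)
        print(f"{label}: {v.kind} to {v.destination}, exposed={v.exposed}")
```

The plaintext request lets the proxy read the session cookie and the password field outright; the CONNECT request yields only the destination host and port (the TLS handshake's SNI reveals the same hostname, nothing more). That difference is the whole argument for never sending credentials over plain HTTP through a proxy you do not control.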

Some services, especially free ones, may even sell this data to other parties. Free proxies that run on unsecured networks and rely on ad-based revenue are also more likely to serve malware-laden ads that can compromise devices. Many free proxies also do not support HTTPS connections, which adds a further element of risk.

The connection between proxies and ad fraud

Aside from the risks proxies can pose to personal and professional devices and data, proxies can also harm business practices.

Fraudulent engagement and inflated traffic, much of it routed through proxies, can artificially boost social media accounts and website search rankings. Such tactics may serve some companies in the short term, for instance by depleting competitors' ad budgets and weakening their market position, but they do not guarantee long-term success.

The global cost of ad fraud has been rising for years: it stood at around $35 billion in 2018 and is predicted to reach $100 billion in 2023, nearly tripling in five years.

Bad data not only inhibits strategic decision-making but also wastes resources: skewed insights affect how campaigns are planned and executed, brands misjudge how they are engaging with consumers, and ad spending and acquisition costs are inflated without any return. Many VPNs also promote ad-blocking as a key benefit, so any ad engagement arriving from VPN or proxy traffic should be scrutinised.

Protecting your data

There are a number of ways businesses and individual users can reduce the risk of data breaches and malware infection. Some might opt not to use a proxy server at all, but for those who do, it starts with serious research and steering clear of free services, which are more likely to monetise their users' traffic or data behind the scenes.

There are also tools that mitigate proxy-related risks. A web application firewall (WAF) sits in front of a web application as a reverse proxy, a protective intermediary that filters, monitors and blocks malicious inbound traffic and prevents unauthorised data from leaving the application. Quality IP data intelligence tools can identify suspicious addresses, including those that are using proxies or VPNs. Finally, working with a trusted and experienced managed security service provider (MSSP) provides additional support to protect against, and learn from, any security issues that arise.
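The two previous sections argue that ad engagement arriving through proxies or VPNs should be scrutinised and that IP intelligence tools can surface such addresses. The following added example (not code from the article or from any IP intelligence vendor) shows the shape of that check: it runs over a few constructed ad-engagement log lines, classifies each source IP against a constructed prefix feed, and adds two behavioural signals that real residential exits tend to trip, many distinct user agents sharing one address and an implausible click rate. The log format, the prefix feed (built on the RFC 5737 documentation ranges so it names no real network), the category names and the thresholds are all assumptions for the illustration; a production feed would map prefixes to ASN, owner and a hosting/VPN/proxy label.

```python
"""Flag ad-engagement traffic that is likely to arrive through proxies or VPNs."""
from __future__ import annotations

import ipaddress
import re
from collections import defaultdict

# Constructed IP intelligence feed: prefix -> category (assumed labels).
IP_INTEL = {
    "203.0.113.0/24": "hosting",        # data-centre range: cheap proxy exits
    "198.51.100.0/25": "vpn",           # commercial VPN exit range
    "198.51.100.128/25": "residential",
    "192.0.2.0/24": "residential",
}
_NETWORKS = [(ipaddress.ip_network(cidr), cat) for cidr, cat in IP_INTEL.items()]

# Assumed log line: <timestamp> <ip> <event> <path> "<user-agent>"
LOG_RE = re.compile(
    r'^(?P<ts>\S+) (?P<ip>\S+) (?P<event>\S+) (?P<path>\S+) "(?P<ua>[^"]*)"$'
)

# Constructed sample log (not real traffic). 198.51.100.200 plays a residential
# exit shared by several proxy customers, hence four different user agents.
SAMPLE_LOG = """
2023-03-10T10:00:01Z 192.0.2.10 view /ad/42 "Mozilla/5.0 (Windows NT 10.0) Firefox/110.0"
2023-03-10T10:00:05Z 192.0.2.10 click /ad/42 "Mozilla/5.0 (Windows NT 10.0) Firefox/110.0"
2023-03-10T10:00:07Z 203.0.113.7 click /ad/42 "curl/7.88.1"
2023-03-10T10:00:08Z 203.0.113.7 click /ad/42 "curl/7.88.1"
2023-03-10T10:00:09Z 198.51.100.20 click /ad/42 "Mozilla/5.0 (X11; Linux x86_64) Chrome/110.0"
2023-03-10T10:00:10Z 198.51.100.200 click /ad/42 "Mozilla/5.0 (iPhone) Safari/605.1"
2023-03-10T10:00:11Z 198.51.100.200 click /ad/42 "Mozilla/5.0 (Windows NT 10.0) Chrome/110.0"
2023-03-10T10:00:12Z 198.51.100.200 click /ad/42 "Mozilla/5.0 (Macintosh) Safari/605.1"
2023-03-10T10:00:13Z 198.51.100.200 click /ad/42 "Dalvik/2.1.0 (Linux; Android 13)"
"""


def classify_ip(ip: str) -> str:
    """Longest-prefix-free lookup against the feed; 'unknown' if no prefix matches."""
    addr = ipaddress.ip_address(ip)
    for net, cat in _NETWORKS:
        if addr in net:
            return cat
    return "unknown"


def parse_log(text: str) -> list[dict]:
    """Parse log lines into dicts, silently skipping lines that do not match."""
    rows = []
    for line in text.strip().splitlines():
        m = LOG_RE.match(line)
        if m:
            rows.append(m.groupdict())
    return rows


def score_traffic(rows: list[dict], max_uas: int = 2, max_clicks: int = 5) -> dict[str, list[str]]:
    """Return {ip: [reasons]} for every source IP that deserves scrutiny."""
    uas: dict[str, set[str]] = defaultdict(set)
    clicks: dict[str, int] = defaultdict(int)
    for r in rows:
        uas[r["ip"]].add(r["ua"])
        if r["event"] == "click":
            clicks[r["ip"]] += 1

    flagged: dict[str, list[str]] = {}
    for ip, agents in uas.items():
        reasons = []
        cat = classify_ip(ip)
        if cat in {"hosting", "vpn", "proxy"}:
            reasons.append(f"ip-category:{cat}")
        if len(agents) > max_uas:          # one address, many browsers: shared exit
            reasons.append(f"user-agents:{len(agents)}")
        if clicks[ip] > max_clicks:        # click rate no single person sustains
            reasons.append(f"clicks:{clicks[ip]}")
        if reasons:
            flagged[ip] = reasons
    return flagged


def analyse(text: str = SAMPLE_LOG) -> dict[str, list[str]]:
    return score_traffic(parse_log(text))


if __name__ == "__main__":
    for ip, reasons in analyse().items():
        print(f"{ip}: {', '.join(reasons)}")
```

On the sample, the data-centre and VPN addresses are flagged purely by category, while the residential exit is caught only by the behavioural signal: a residential proxy hides the category, so the user-agent and rate checks are what remain. Thresholds and the feed itself need to be kept current, which is the point the article makes about data recency.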

In all cases, businesses must prioritise the quality and recency of their tools to ensure that they work with the most up-to-date and accurate data sources – otherwise, they risk missing out on important developments in the cybercrime sphere.