
Proxyjacking: the emerging cyber threat and how to protect yourself

A new form of cyber attack discovered: what Akamai's analysis reveals

The article discusses "proxyjacking", a stealthy cyber threat, which uses victims' bandwidth for profit. Researchers at Akamai's SIRT detected this during honeypot monitoring, noticing the use of a double Base64-encoded Bash script to evade detection. The article suggests using strong passwords, regular updates, multi-factor authentication and continuous monitoring to protect against such attacks.

Proxyjacking is a fileless attack, a silent cyber threat capable of evading the traditional methods used to detect similar phenomena such as cryptojacking. This type of attack affects anyone indiscriminately, keeping a low profile and thus escaping notice. Akamai's SIRT recently discovered a case of proxyjacking during honeypot monitoring. The goal of this illegal activity is economic. The attackers, not satisfied with stealing resources, also exploit the victim's surplus bandwidth to turn the victim into a P2P (Peer-to-Peer) proxy node. This practice is monetized through organizations such as Peer2Profit and Honeygain.

A closer look: what Akamai researchers have revealed

The Akamai team conducted a fascinating investigation late last month into the recent activity of an unidentified individual who established multiple SSH connections to a Cowrie honeypot managed by Akamai's own SIRT. The attacker's modus operandi is to use a double Base64-encoded Bash script, an approach frequently used to disguise the real purpose of the activity and evade security checks. Decoding the Bash script revealed worrying details of the attacker's proxyjacking. This information was collected and analyzed in a key piece of research that has already become a reference text in the field of computer security.

Decoding and understanding the attack

The decoding of the Bash script allowed a clear and detailed reading of the attacker's actions. Through this analysis, the Akamai team was able to reveal the operational details used by the attacker in proxyjacking. The in-depth examination allowed each step of the process to be reconstructed, bringing to light not only the methodology behind the offensive, but also the attacker's possible objectives. This information is a vital contribution to the fight against these emerging threats.
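As an added illustration (not code from Akamai or from the original article), the following sketch shows how a defender could peel nested Base64 layers from commands recorded by a Cowrie honeypot and flag sessions that use two or more layers or mention the proxy services named above. It assumes Cowrie's JSON log format with `cowrie.command.input` events; the log lines, session ids, addresses and the inner script are constructed samples.

```python
import base64
import binascii
import json
import re

B64_RUN = re.compile(r"[A-Za-z0-9+/]{24,}={0,2}")  # long Base64-looking runs
PROXYWARE = ("peer2profit", "honeygain")            # service names from the article

def try_decode(token):
    """Return decoded text if token is strict Base64 of readable text, else None."""
    try:
        text = base64.b64decode(token, validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None
    readable = text and all(c.isprintable() or c.isspace() for c in text)
    return text if readable else None

def peel(text, max_depth=5):
    """Strip nested Base64 layers; return (layers_removed, innermost_text)."""
    depth = 0
    while depth < max_depth:
        decoded = next(filter(None, (try_decode(m.group()) for m in B64_RUN.finditer(text))), None)
        if decoded is None:
            break
        text, depth = decoded, depth + 1
    return depth, text

def scan(log_lines):
    """Flag Cowrie command events with 2+ Base64 layers or proxyware names."""
    findings = []
    for line in log_lines:
        event = json.loads(line)
        if event.get("eventid") != "cowrie.command.input":
            continue
        layers, inner = peel(event.get("input", ""))
        names = [n for n in PROXYWARE if n in inner.lower()]
        if layers >= 2 or names:
            findings.append({"session": event.get("session"), "src_ip": event.get("src_ip"),
                             "layers": layers, "proxyware": names})
    return findings

def sample_log():
    """Constructed Cowrie-style JSON lines; the inner script is a harmless comment."""
    script = "#!/bin/bash\n# constructed sample: mentions peer2profit only\n"
    blob = base64.b64encode(base64.b64encode(script.encode())).decode()
    rows = [
        {"eventid": "cowrie.login.success", "session": "a1", "src_ip": "192.0.2.10"},
        {"eventid": "cowrie.command.input", "session": "a1", "src_ip": "192.0.2.10",
         "input": f"echo {blob} | base64 -d | base64 -d | sh"},
        {"eventid": "cowrie.command.input", "session": "b2", "src_ip": "192.0.2.20", "input": "uname -a"},
    ]
    return [json.dumps(r) for r in rows]

if __name__ == "__main__":
    for finding in scan(sample_log()):
        print(finding)
```

The depth limit keeps the decoder from looping on adversarial input, and the readable-text check avoids treating ordinary long tokens such as file paths as encoded payloads.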

Threat protection measures

To protect themselves from proxyjacking, it is imperative that users implement adequate security measures. Some helpful tips include using strong passwords, preferably managed through a password manager, installing regular application updates and patches, and enabling multi-factor authentication whenever possible. Users with more advanced computer skills can also monitor container activity to identify any anomalies and regularly conduct security scans to identify potential vulnerabilities. In order to prevent unauthorized intrusions, it is also recommended to closely monitor network traffic and report any suspicious activity. The threat of proxyjacking is real and always lurking, but proactive and aware management of your digital security can make the difference in neutralizing this imminent danger.


07/09/2023 10:27

Marco Verro
