You don’t like having the FBI knocking on your door at 6 am. Surprisingly, neither does your usual cybercriminal. That is why they hide (at least the good ones), for example behind layers of proxies, VPNs, or Tor nodes.
Their IP address will never be exposed directly to the target’s machine. Cybercriminals will always use third-party IP addresses to deliver their attacks.
There are countless ways to deliver cyberattacks, but one thing is common to all of them: the need for a pool of IP addresses to serve as a medium. Criminals need IP addresses to deliver distributed denial of service attacks.
Criminals need IP addresses to hide behind when probing services. Criminals need IP addresses to attempt brute force attacks. Criminals need IP addresses to run bot networks and services. In a nutshell, criminals need to maintain IP addresses under their control for pretty much anything. It is their most important asset and is the ammo they need to deliver attacks.
So how do cybercriminals get their hands on those infamous IP addresses, and what does this cost them? Here are some examples.
Hijacking machines, and more specifically networks of IoT devices. Poorly secured and managed fleets of IoT devices left with default access credentials and outdated firmware are the perfect target for that. It is an easy way to zombify a large number of devices, freshly served for DDoS attacks… hey, “smart” security cameras… we are watching you!