Hidden Malicious Traffic: Cybersecurity Threat
The rise of hidden malicious traffic: Cybercriminals are increasingly leveraging VPNs and proxies to cloak their operations, posing formidable challenges for cybersecurity professionals. This shift towards anonymity makes it harder to detect and neutralize threats, researchers confirm at the Sleuthcon conference. Residential proxies, in particular, complicate matters, as they allow malicious actors to blend their activities with legitimate consumer IP addresses. This dynamic hinders law enforcement’s ability to distinguish between benign and harmful traffic.
Cybercriminals Turn to VPNs and Proxies for Enhanced Anonymity
Updated June 06, 2025
As law enforcement intensifies its crackdown on cybercrime, criminals are shifting tactics, increasingly using VPNs and proxy services to mask their online activities. This move presents new challenges for threat detection, according to researchers at the Sleuthcon conference in Arlington, Virginia.
Thibault Seret, a researcher at Team Cymru, explained that the shift away from “bulletproof” hosting towards VPNs and residential proxies allows cybercriminals to rotate and conceal their IP addresses. This makes it significantly harder to identify malicious traffic, as it blends with legitimate internet activity.
Residential proxies, in particular, pose a significant problem. These decentralized networks operate on consumer devices, assigning real IP addresses to homes and offices. This makes malicious traffic appear to come from trusted sources, complicating threat detection for organizations.
“The issue is, you cannot technically distinguish which traffic in a node is bad and which traffic is good,” Seret said. “That’s the magic of a proxy service—you cannot tell who’s who.”
Ronnie Tokazowski, cofounder of Intelligence for Good, noted that attackers have been increasing their use of residential networks for attacks over the past few years. This trend makes it more challenging to track malicious activity, especially when attackers use the same residential IP ranges as employees of a target institution.
While the use of proxies by cybercriminals isn’t new—the Avalanche cybercriminal platform used “fast-flux” hosting to conceal its activities—the rise of proxies as a readily available gray market service marks a significant change.
What’s next
Addressing the challenge posed by criminal use of proxies will require new strategies. While targeting malicious proxy providers is one option, the broader use of proxies across the internet means that a more comprehensive approach is needed to effectively combat this growing threat.