Hackers Switch to Russian IP: Half of DDoS Attacks on Domestic Resources are Conducted From Local IPs

Foreign Hackers Switching to Russian IP Addresses Amid Mass Blocking

Due to the mass blocking of IP addresses suspected of facilitating DDoS attacks, international cybercriminals have increasingly shifted to Russian IP addresses, according to a report from Qrator Labs cited by “Kommersant.” Such attacks stem from network equipment, internet of things (IoT) devices, and hosting providers’ equipment. The main concern, however, is that hosting providers may be held responsible for their inadvertent involvement in these unlawful activities.

Foreign Hackers Bypassing GeoIP Blocks

After analysing the state of DDoS attacks on Russian resources in 2023, Qrator Labs concluded that foreign hackers have learnt to bypass GeoIP blocks, that is, the blocking of traffic based on its geographical origin. A significant portion of the attacks originates from regions close to the victims. Even so, the volume of blocked foreign sources remains high: in the last quarter of 2023, 22.3 million IP addresses were blocked, a 19.25% increase compared to the previous quarter and a 120% increase compared to the second quarter. Consequently, hackers have resorted to “grey proxy servers located in Russia”, and malicious traffic is now generated from Russian IP addresses that remain inconspicuous.

Role of Russian Hosting Providers in DDoS Attacks

Compromised network equipment owned by home users and hosting providers, vulnerable IoT devices, and mobile devices can act as these proxy servers. Russian addresses account for as much as 50% of DDoS attacks, according to DDoS-Guard's count, with the remaining half primarily originating from China, Indonesia, and the US. Blocking IP addresses by location helps limit access to resources not intended to operate outside specific regions; in 2022, many Russian internet services, including state services, stopped working outside the domestic web segment.

Russian hosting providers have noted an increased demand for affordable virtual servers. This suggests that domestic hosting providers' resources are frequently used in DDoS attacks. Due to this trend, there is a rising fear that regulators may hold hosting providers accountable for the use of their resources for illegal purposes.
