When it comes to cyber defence, organizations can safely rely on proxies, says Oxylabs
May 2024 by Oxylabs
With cyber threats ever increasing, organizations need to use innovative ways to counter
On the surface, proxy servers have very simple functionality. As an intermediary between the client device and the end server, the proxy hides the client’s IP address. Furthermore, it allows accessing the server in a particular way, for example, from the proxy’s geographic location. Together, these capabilities allow for hiding one’s online identity when checking the dangerous corners of cyberspace.
The underlying power of these basic functions reveals itself when constantly accessing many servers all over the world and in specific ways. Equipped with a proxy pool of various IP addresses, cybersecurity tool developers expand their solutions’ geographical scope and accuracy. According to Andrius Palionis, VP Enterprise at Oxylabs, for companies gathering cyber threat intelligence at scale, a premium proxy infrastructure is essential.
"Proxies can be used in a number of different ways to enhance cybersecurity measures," says Palionis, "but how specifically?"
Protection against spear phishing
"A well-crafted email sent to an executive’s mailbox is one of the easiest ways to spread malware throughout a company’s network or acquire information that can be used in future attacks. The role of proxies is crucial to email protection, especially for companies with many clients in different countries. Such clients need to be protected from spear phishing attacks, which are targeted and customized for specific people.
"Knowing in which country the target is and what Internet Service Provider (ISP) they use, hackers can diversify what happens when the link in a phishing email is followed. The client connecting from their company IP will go to a malicious website. Meanwhile, an email protection company using an IP belonging to a different country and ISP might be directed to a legitimate website, such as the actual website of the client’s bank. This way, the protection tool is tricked into greenlighting a phishing email.
"Access to a proxy pool consisting of IPs from various countries and providers solves this issue. An email protection tool can use a proxy IP address associated with the same ISP and location as the client’s IP. With a sufficiently similar IP, the tool will be directed to the exact same website as the client. Thus, using a diverse proxy infrastructure, companies can reliably protect clients all over the world from phishing attacks."
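The vantage-point comparison described above can be expressed as a check over scan results. The following is an added example, not code from Oxylabs or from any email protection product; the record layout, the `assess_links` function, the ISP labels and all hostnames are constructed for illustration.

```python
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed scan results: each emailed link was followed through several
# proxy exits, and the final landing URL after redirects was recorded.
OBSERVATIONS = [
    {"link": "https://mail-link.example/a1", "country": "US", "isp": "CloudHost",
     "final_url": "https://www.bank.example/login"},
    {"link": "https://mail-link.example/a1", "country": "DE", "isp": "ISP-A",
     "final_url": "https://bank-login.invalid/verify"},
    {"link": "https://mail-link.example/b2", "country": "US", "isp": "CloudHost",
     "final_url": "https://news.example/story"},
    {"link": "https://mail-link.example/b2", "country": "FR", "isp": "ISP-C",
     "final_url": "https://news.example/story?ref=fr"},
    {"link": "https://mail-link.example/c3", "country": "US", "isp": "CloudHost",
     "final_url": "https://docs.example/file"},
]

# Constructed recipient profiles: (country, ISP) of the client who got each link.
RECIPIENTS = {
    "https://mail-link.example/a1": ("DE", "ISP-A"),
    "https://mail-link.example/b2": ("FR", "ISP-C"),
    "https://mail-link.example/c3": ("JP", "ISP-D"),
}

def landing_host(url):
    """Compare landing pages by hostname so query strings do not cause noise."""
    return (urlsplit(url).hostname or "").lower()

def assess_links(observations, recipients):
    """Classify each link as 'cloaked', 'consistent' or 'unverified'."""
    by_link = defaultdict(list)
    for obs in observations:
        by_link[obs["link"]].append(obs)
    verdicts = {}
    for link, rows in by_link.items():
        target = recipients.get(link)
        matched = {landing_host(r["final_url"]) for r in rows
                   if (r["country"], r["isp"]) == target}
        others = {landing_host(r["final_url"]) for r in rows
                  if (r["country"], r["isp"]) != target}
        if not matched:
            # No exit resembling the recipient was used: a clean result from
            # other vantage points cannot be trusted as a greenlight.
            verdicts[link] = "unverified"
        elif others and not matched <= others:
            # The recipient-like vantage lands on a host nobody else sees.
            verdicts[link] = "cloaked"
        else:
            verdicts[link] = "consistent"
    return verdicts
```

The `unverified` verdict is the case the passage warns about: a scan that never used a vantage point resembling the recipient's country and ISP says nothing about what the recipient would see.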
Fighting URL hijacking and malvertising
"Typosquatting is a URL hijacking technique that exploits typos users make when typing domain names. By slightly misspelling a legitimate website’s URL, users might be directed to a domain that is deliberately made to look similar but belongs to malicious actors. When combined with malicious advertising (malvertising) in search engine results pages (SERPs), URL hijacking does not rely on users misspelling names. A correctly spelled name of a software application can return sponsored content with a similar-looking domain name at the top of the results page, which belongs to a harmful website.
"A proxy infrastructure enables web scanning that identifies such malicious ads and domains. The larger the proxy pool, the more geo-specific content is accessible, allowing companies to report and remove more online threats."
Dark web monitoring
"Hackers boast about their achievements on the dark web and protected Clearnet forums. Monitoring these marketplaces and forums allows uncovering previously unknown leaks and vulnerabilities. Opening multiple forum pages from a single IP every few seconds immediately tells administrators that someone is using automation to gather intelligence. Thus, companies need rotating proxy IPs to mimic organic user activity when extracting information from these websites. Often, proxies are more stable and less recognizable than other solutions usable for this purpose."
It is crucial to note that proxies are not meant to be sufficient cybersecurity solutions by themselves. Instead, they should be integrated into systems that address specific threats. For example, proxies cannot scan emails and attachments on their own to identify suspicious and potentially harmful material. However, proxy-supported web scraping solutions can follow links in the emails and check the websites they lead to.
"Proxies show their best colors when helping cybersecurity specialists conceal their online identity and access content that informs about vulnerabilities and emerging threats. As threat actors constantly leverage new technologies, we must match them in innovation and ingenuity. Over the years, relatively simple functions of proxies proved flexible and indispensable in action. Time will show how else they can be adapted to improve cybersecurity and help extract timely and actionable threat intelligence," concluded Palionis.