Brian Krebs has reported that a dubious Internet provider, “Resnet,” was renting out tens of thousands of residential IP addresses to be used as proxies by fraudsters and spammers. Residential IPs are highly sought-after by illicit actors because they rotate frequently and they’re not usually blocked by businesses. Resnet was offering subscription packages to use these addresses for between $30 and $90 per month.
Krebs came across Resnet after receiving a tip that the range of IP addresses assigned to the company were generating an inordinate amount of suspicious activity. Resnet oversaw a block of nearly 70,000 IP addresses, 7,000 of which previously belonged to AT&T. Krebs found that the addresses were administered by the not-for-profit Wireless Data Service Provider Corporation (WDSPC), and he contacted them to find out more.
“A call to the WDSPC revealed the nonprofit hadn’t leased any new wireless data IP space in more than 10 years,” Krebs wrote. “That is, until the organization received a communication at the beginning of this year that it believed was from AT&T, which recommended Resnet as a customer who could occupy some of the company’s mobile data IP address blocks.”
The WDSPC admitted they’d been fooled into transferring the IP block over to Resnet, but didn’t provide further details. AT&T didn’t say if it had any prior relationship with Resnet, but the company told Krebs that it had contacted law enforcement about the matter. Krebs suspects there may have been some type of criminal fraud involved.
The incident highlights how social engineering can be used to gain more than just money or unauthorized access. Anyone can fall for a scam if they don’t know how scammers operate. New-school security awareness training is one of the best ways to ensure that your employees can defend themselves against these attacks.
KrebsOnSecurity has the story: https://krebsonsecurity.com/2019/08/the-rise-of-bulletproof-residential-networks/