
Stay ahead of the latest cybersecurity trends with Cyberside Chats—your go-to cybersecurity podcast for breaking news, emerging threats, and actionable solutions. Whether you’re a cybersecurity pro or an executive who wants to understand how to protect your organization, cybersecurity experts Sherri Davidoff and Matt Durrin will help you understand and proactively prepare for today’s top cybersecurity threats, AI-driven attack and defense strategies, and more!
Episodes

20 hours ago
Cybercriminals are exploiting outdated routers to build massive proxy networks that hide malware operations, fraud, and credential theft—right under the radar of enterprise defenses. In this episode, Sherri and Matt unpack the FBI’s May 2025 alert, the role of TheMoon malware, and how the Faceless proxy service industrializes anonymity for hire. Learn how these botnets work, why they matter for your enterprise, and what to do next.
Takeaways
- Replace outdated routers: End-of-life routers should be identified and replaced across your organization, including remote offices and unmanaged home setups. These devices no longer receive patches and are prime targets for compromise.
- Restrict remote administration: If remote access is needed, tightly control it—limit by IP address, use VPN access, and require MFA. Avoid exposing admin interfaces directly to the internet unless absolutely necessary.
- Patch and harden infrastructure: Apply all available firmware updates and follow vendor security guidance. Where possible, segment or monitor legacy network devices that can’t be immediately replaced.
- Don’t trust domestic IPs: Traffic from domestic or residential IP ranges is no longer inherently safe. Compromised routers make malicious activity appear to come from trusted regions.
- Add proxy abuse to threat intel: Incorporate indicators of compromise from Lumen and FBI alerts into detection rulesets. Treat proxy abuse as a key TTP for credential theft, fraud, and malware C2.
- Report suspected compromise: If you identify affected infrastructure or suspicious traffic, report it to IC3.gov. Include IPs, timestamps, device types, and any supporting forensic detail.
#CybersideChats #Cybersecurity #Tech #Cyber #CyberAware #CISO #CIO #FBIalert #FBIwarning #Malware #Router