This month commemorates the 20th anniversary of Cybersecurity Awareness Month, providing a valuable occasion to spotlight the risks confronting businesses and individuals in their digital endeavors. Initiated in 2004 through a partnership between the Cybersecurity and Infrastructure Security Agency (CISA) and the National Cybersecurity Alliance (NCA), Cybersecurity Month aims to inform and educate both businesses and individuals about the prevailing and emerging online threats they may encounter.
Over the past 18 months, Digital Element has noted a new set of threats perpetrated by bad actors who have been leveraging residential proxy IP networks for nefarious reasons.
Streaming media companies have been severely affected by this burgeoning industry. Numerous companies offer to make thousands, even tens of thousands of legitimate residential IPs available to parties looking to maintain privacy and anonymity online, and at very little cost. Should this matter to streaming media companies?
The answer is yes. Most streaming media companies are well aware that hundreds of VPN service providers offer use of their VPNs to consumers for the express purpose of circumventing content geo-restrictions. Many have engaged partners, such as Digital Element, to detect and block traffic that stems from a VPN.
But there is a new threat emerging: distributed VPNs. These are VPNs that purchase residential IP addresses from residential IP proxy networks in order to evade detection.
What is a Residential Proxy IP Network?
Residential Proxy IP networks are networks that use the IP addresses of consumers who sign up for any number of apps that pay them to share their bandwidth. Those apps become gateways for other clients of the app provider.
Put another way, consumers with residential internet access “sublet” their IP address to a residential IP proxy network, and the internet traffic of that network’s subscribers then appears to originate from the sublet IP address.
The networks rely on multiple strategies to build their pool of available residential IPs to proxy. Consumers play an important role in residential proxy IP networks, often unwittingly. The proxy networks tell consumers that by sharing their internet bandwidth, they can earn easy money. To get paid, all the consumer needs to do is install an app — Pawns.app, Honeygain, Peer2profit, Packet Stream to name a few — and start collecting passive income.
Some residential IP proxy networks deploy additional strategies to build their pool of IP addresses, such as providing an SDK to app developers who want to monetize their apps; convincing the provider of a browser extension to include their code; and leveraging botnets to obtain residential IPs.
Once these networks have amassed a pool of residential IP addresses, they offer them to other entities that need access to them at scale (such as a VPN provider that needs to circumvent a streaming media company’s VPN-detection tool).
While residential proxy IP networks have been available for some time, what is changing is the exponential growth in both the number of networks and their scale. Certain proxy networks boast access to hundreds of thousands of residential IP addresses, which are made available to anyone willing to pay. This escalation demonstrates the need for heightened vigilance and robust security measures to combat the risks associated with these networks.
Digital Rights Management (DRM)
Residential IP proxy networks pose a major challenge for streaming media companies that need to enforce access restrictions that are geo-location based. Personal VPN usage has been growing over the past few years, especially as consumers seek to circumvent the geo-restrictions imposed by streaming media companies.
Currently, streaming media platforms can leverage Digital Element’s VPN-proxy database to stop illegitimate traffic, but as mentioned above, residential IP proxy networks are the new frontier, allowing users to circumvent the streaming media company’s ability to block access to content. A VPN that has a residential IP proxy in one country can allow a user in another country to look like a legitimate user in the destination country.
Unfortunately, streaming media platforms can’t opt to block every IP address associated with a residential IP proxy network, as their actual customers may be the ones sharing their bandwidth with those networks. Consequently, categorically blocking such IP addresses may result in blocking paying customers.
How Digital Element Detects Residential IP Proxies
While there is not a simple solution, the first step is understanding how much of your incoming traffic is proxied residential IPs. Digital Element can provide you with this understanding by uncovering IP addresses that are linked to, or have a history of association with, residential IP proxy networks or VPNs. With this information, streaming media providers can make informed decisions as they address the use of resi-proxies within their subscriber base.
IP addresses contain a lot of contextual data that help us predict the legitimacy of a user behind a device. That contextual data includes attributes such as activity level and IP stability. We know, for instance, that proxied IP addresses are shared by clients all over the world, so they are likely to be seen in multiple locations. That’s an important insight for clients; if an IP address remains consistently associated with a specific location for an extended period, it is less likely to be a proxy.
IP address intelligence data, such as activity levels and stability, can’t distinguish between legitimate and illegitimate users on its own, but it can provide the much-needed context that organizations need to make smart decisions to protect access to their content.
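The stability idea above can be sketched over a service's own login records. This is an added example, not Digital Element's method or code: the record fields (source IP, timestamp, home country of the account that logged in), the thresholds and the label names are all assumptions, and the output is a triage label rather than a block decision, since a flagged IP may belong to a paying customer.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample records: (source IP, login time, account home country).
# IPs are from documentation ranges (RFC 5737); none are real indicators.
OBSERVATIONS = [
    ("192.0.2.10", "2023-09-01T08:00:00", "US"),
    ("192.0.2.10", "2023-09-10T08:00:00", "US"),
    ("192.0.2.10", "2023-09-20T08:00:00", "US"),
    ("198.51.100.7", "2023-09-01T09:00:00", "US"),
    ("198.51.100.7", "2023-09-01T21:00:00", "BR"),
    ("198.51.100.7", "2023-09-02T03:00:00", "DE"),
    ("198.51.100.7", "2023-09-02T11:00:00", "US"),
    ("198.51.100.7", "2023-09-03T07:00:00", "IN"),
    ("203.0.113.9", "2023-09-01T10:00:00", "GB"),
    ("203.0.113.9", "2023-09-02T10:00:00", "GB"),
    ("203.0.113.9", "2023-09-03T10:00:00", "IE"),
    ("203.0.113.5", "2023-09-05T12:00:00", "FR"),
]

def summarize(observations):
    """Per-IP activity level and location stability."""
    per_ip = defaultdict(list)
    for ip, ts, country in observations:
        per_ip[ip].append((datetime.fromisoformat(ts), country))
    stats = {}
    for ip, events in per_ip.items():
        events.sort()
        seen = [country for _, country in events]
        stats[ip] = {
            "events": len(events),                                  # activity level
            "countries": len(set(seen)),                            # location spread
            "switches": sum(a != b for a, b in zip(seen, seen[1:])),
            "span_days": (events[-1][0] - events[0][0]).days,
        }
    return stats

def classify(s, min_events=3, stable_days=14):
    """Assumed thresholds; tune against your own traffic before acting."""
    if s["events"] < min_events:
        return "insufficient-data"
    if s["countries"] == 1 and s["span_days"] >= stable_days:
        return "stable"       # one location over a long period: less likely a proxy
    if s["countries"] >= 3 or s["switches"] >= 2:
        return "review"       # many locations behind one IP: candidate for step-up checks
    return "monitor"

def triage(observations):
    return {ip: classify(s) for ip, s in summarize(observations).items()}
```
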
Digital Element’s Nodify Threat Intelligence solution provides critical contextual information to help identify inbound or outbound traffic tied to residential IP proxy networks, VPNs, and darknets. This insight helps streaming media companies protect that content from pirates and other people who don’t have access rights.
Focus on Residential IP Proxy Network Traffic this Cybersecurity Awareness Month
Cybercriminals, known for their continual ingenuity, will continue to devise novel ways to circumvent the streaming media industry’s licensing and content access protections. During this Cybersecurity Awareness Month, let’s make a deliberate effort to explore these cybercriminals’ latest tactics and tools amidst our hectic routines.
If you’d like to learn more about Nodify and residential IP proxy traffic detection, visit https://www.digitalelement.com/solutions/threat-intelligence/nodify/ or reach out to sales@digitalenvoy.com.