Security
Hosting provider pulled the plug after police traced 200 servers to the Netherlands
Dutch police say they dismantled a large botnet this week comprising at least 17 million infected devices.
After being tipped off by a researcher at the Netherlands’ National Cyber Security Centre (NCSC-NL), police began an investigation, which resulted in the discovery of 200 servers underpinning the botnet’s infrastructure located in the country.
Cybercrime specialists at The Hague Police Unit seized a number of servers from a hosting provider for further analysis, and the provider then shut down the botnet after realizing it was being used for “criminal purposes.”
Botnets can be used for various types of cybercrime, but officials did not say how this botnet in particular was used. Police merely stated the general types of abuse, which include phishing, launching DDoS attacks, and online fraud.
Neither the police nor the NCSC-NL revealed the botnet’s name – an oddity for takedowns of this kind – and also did not detail exactly what devices were enrolled in it.
However, both organizations’ announcements identified poorly secured consumer-grade kit such as routers, mobile devices, and IoT hardware as common examples.
Both also advised users to stop relying on default passwords for new hardware, avoid installing apps from unofficial sources, and keep software up to date.
Botnets and proxies on the rise
Just before the police announced the botnet takedown, NCSC-NL published a blog highlighting a rise in residential proxy networks used for malicious purposes, calling it a “worrying trend.”
Botnets and residential proxy networks are often mentioned in the same breath, since both require enrolling legitimate devices into a broader network, although they are typically used for different purposes.
Botnets are almost exclusively malicious, with only a few benign exceptions. Folding@home, a voluntary distributed computing project, is possibly the closest clean-living comparison.
Residential proxy networks are different. They’re legal, and you can find large operators advertising their services on the open web, usually promoting privacy benefits, although experts agree that these networks are a problem, and are more often abused than used for good.
Willingly or not – often the latter – consumers have their IP addresses enrolled into these networks, which are also used by cybercriminals to hide the true source of malicious traffic, complicating cyber incident response.
These proxies can be used for DDoS attacks, similar to how botnets rely on compromised devices, as well as other trickery such as phishing, brute-force attacks, bypassing impossible travel checks, and malware distribution, among others.
“The misuse of residential proxies makes it more difficult to map digital threats and attacks,” NCSC-NL wrote. “As the scale of digital attacks increases, the resilience of organizations can come under pressure.
“Additionally, the devices of unsuspecting users can become part of such proxy networks, often without their knowledge. In this way, consumers are unknowingly part of cybercrime.”
Dutch cyberattack reports hit nine-year low
On Thursday, shortly after the police announced the botnet takedown and concerns about the rise of residential proxy networks, NCSC-NL published its annual Cybercrime Monitor report, which revealed cyberattacks on Dutch companies had fallen to the lowest level in nine years.
According to 2024 data, the most recent available, just four percent of organizations reported an external cyberattack compared to 11 percent in 2016. The report noted the downward trend was noticeable across all company sizes.
Phishing and spoofing were by far the most common types of attack, with 23 percent of organizations experiencing this to some degree. At the other end of the scale, attacks involving DDoS, data breaches, business email compromise fraud, and ransomware were each reported by around one percent of organizations.
NCSC-NL linked the improvements to wider adoption of multi-factor authentication (MFA). It said the technology is effectively universal across larger organizations, with 87 percent implementing it in 2025, up from 71 percent in 2017.
For smaller organizations, the uptake was even more pronounced, more than doubling to 79 percent from 29 percent eight years prior. ®
Click Here For The Original Source.
