Using proxy systems to relay traffic is not a new attacker tactic, but bad actors are using them more and more these days to evade capture.
We call these "residential proxies" because they are made up of computers in people's homes and in small businesses. These aren't some massive government installation somewhere. They are compromised computers spread around the countries the attackers want to target, computers owned by people like you and me.
For most of our clients, one telltale sign that a connection is bad is that it comes from outside the US. For most small businesses in Arkansas, network traffic is safely confined to the US. So when we see logins from Russia, Africa, Southeast Asia, etc., we can generally deduce that someone has broken into an account. Those are easy to spot, and we can immediately lock out the bad actor and clean up the account.
This is why bad actors proxy their traffic. We aren't going to jump as quickly when we see a login from Dallas or Atlanta. They may get more time to do their nefarious deeds with your business assets.
Now let's take it a step further. What happens when it's your device they are using as a proxy? Perhaps you decided that you weren't a target, so you weren't going to turn on MFA. You weren't going to be careful when you clicked. You weren't going to pony up for a better cloud license with all the security features included.
The bad actors compromise your system and have access for weeks, months, or years before you ever notice. You are now helping perpetuate cyber crimes. Good job!
All of this is to say that it actually takes a village to have a secure internet. The more people who ignore security or just don't care, the more hiding places there are for the real bad guys.
Think of that the next time you forgo a security measure or cheap out and buy the bottom-tier license for Microsoft 365. You are probably becoming a safe house for those cyber attackers from around the world. You probably won't even know when you've been compromised.
