2025-12-13 –, Rookie Track 2
Residential proxy services are often marketed as legitimate infrastructure for web scraping, SEO, and data access. Since the IPs come from real households, they appear trustworthy and are less likely to be blocked. However, this same infrastructure is increasingly misused in the cybercrime ecosystem, where its ability to mask true origins and imitate normal user traffic makes it especially attractive to malicious actors.
This talk began with a simple question: how can something that looks so legitimate end up being used in so many shady ways? To explore that, I take a non-technical look at how residential proxies are commercialised, from pricing and packaging to the ways they are promoted and distributed via mainstream platforms and underground marketplaces. I examine the factors that make these services increasingly attractive for abuse, supported by examples gathered through open-source research. The talk also briefly touches on the broader implications for cybersecurity and threat intelligence, particularly the challenges they pose for attribution and detection, as well as ethical concerns around how proxy nodes are sourced, especially when end users may not be fully aware their devices are involved.
This talk highlights a fast-expanding but often overlooked element of the cybercrime ecosystem.
Sandra is an OSINT and Cyber Threat Intelligence analyst with a background in criminology. Curious by nature and always eager to learn new things.