VPN providers sell themselves with ideas that sound noble: data protection, privacy and security. However, the dark side of VPN usage goes unspoken but is often the real reason they’re used: location spoofing and identity masking to commit content geo-piracy, online fraud and other types of cyber crime.
We partnered with WhoIsXML API to understand exactly what VPNs and their associated IP addresses are linked to and the effects this could have on businesses. WhoIsXML API provides domain research, monitoring, Whois, DNS, IP and threat intelligence tools to a variety of industries.
VPNs and Malicious IPs Go Hand-in-Hand
Of the 1,540 VPN-associated IP addresses GeoGuard provided, WhoIsXML found that 89 of them were linked to malicious activity. They’d been directly cited for this activity, in addition to having been placed on blacklists by security solutions providers.
The vast majority of these IP addresses were owned by cloud service providers. So, they could be used to launch attacks including spamming, botnet activity and brute-force attacks on legitimate businesses.
It’s Easy to Get Access to IPs for Malicious Purposes
One company, DigitalOcean, owns a majority of these suspicious or even malicious IP addresses and makes it easy to sign up for their service. In fact, they offer a tutorial for users to set up their own OpenVPN on a virtual machine that users can also purchase on their site for just $5USD. Plus, DigitalOcean doesn’t ask for many details to verify the identities of its users.
After setting up their own OpenVPN via DigitalOcean, a bad actor could connect to the virtual servers with their local device, use that device to carry out malicious activity and then ensure their OpenVPN server doesn’t log anything. Or, they could simply abandon the server. Either way, they get away with cyber crime.
Stop Crime Before it Starts by Detecting VPNs in Real-Time
Online fraud and cyber crime enabled by the use of VPNs is a growing problem impacting both businesses and consumers worldwide. By detecting VPN enabled location fraud in real-time, you can stop criminal activity before it can even start. Cloud service providers should implement preventive measures and scrutinize their subscribers to prevent their services from being used for malicious activity. Additionally, businesses can protect themselves by monitoring or blocking traffic from these VPN-associated IP addresses.
GeoGuard provides award-winning and Hollywood Studio-approved VPN/DNS Proxy detection solutions that can be seamlessly integrated into any business’ risk management stack. Our solutions are continuously updated to include new IP ranges as they are deployed by VPN providers. GeoGuard’s VPN detection solutions are also available at the CDN level with Akamai, AWS CloudFront and others to provide fast and easy deployment of our technology. Our VPN and DNS Proxy detection has been independently tested and rated as 97.5% effective by Kingsmead Security.