============================================================
TITLE: The Hidden Threat: How Residential Proxies Enable Cybercrime Across Australia and New Zealand
SUMMARY: ACSC reports 96% success rate in edge device attacks using residential proxies. Learn how these hidden threats bypass defences and what orgs must do to protect themselves.
AUTHOR: Insicon Cyber
DATE PUBLISHED: February 3, 2026
DATE MODIFIED: February 3, 2026
SOURCE URL: https://insiconcyber.com/blog/residential-proxies-cybercrime-threat-australia-nz
============================================================

## Residential Proxies: The Growing Cybercrime Threat

When we think about cybersecurity threats, we often picture sophisticated malware or state-sponsored hackers. But one of the most effective tools cybercriminals use to hide their activities is hiding in plain sight within Australian and New Zealand homes: residential proxies.

Recent reports from the Australian Signals Directorate's Australian Cyber Security Centre (ACSC) and New Zealand's National Cyber Security Centre (NCSC) reveal a troubling reality. Thousands of devices across the trans-Tasman region have been compromised and enrolled in proxy networks without their owners' knowledge, creating a vast infrastructure that enables cybercrime while appearing completely legitimate.

## What Are Residential Proxies?

A residential proxy is an intermediary server that uses real IP addresses assigned by Internet Service Providers (ISPs) to actual residential devices such as home routers, computers, tablets and smartphones. Unlike datacenter proxies, which use IP addresses from server farms and are relatively easy to detect and block, residential proxies route internet traffic through genuine consumer devices. This makes malicious activity nearly indistinguishable from legitimate user behaviour.

When a cybercriminal uses a residential proxy, websites and security systems see traffic coming from what appears to be a real person's home internet connection, complete with proper geolocation and ISP assignment.

## The Scale of the Problem in Australia and New Zealand

The threat is not theoretical. According to the ACSC's Annual Cyber Threat Report 2024-25, malicious cyber actors are actively compromising edge devices (home routers, firewalls and IoT devices) to use as proxies. In FY2024-25, the ACSC observed more than 120 incidents associated with attacks on edge devices, with a staggering 96% success rate.

In September 2024, the ACSC and NCSC jointly published an advisory highlighting a botnet created by PRC-linked cyber actors that compromised over 260,000 internet-connected devices globally. This network included devices across Australia and New Zealand. These compromised devices were used as proxies to:

* Conceal attacker identities during malicious operations
* Deploy distributed denial-of-service (DDoS) attacks
* Further compromise additional networks
* Target critical infrastructure providers

## The IPIDEA Network: A Wake-Up Call

In January 2026, Google's Threat Intelligence Group disrupted what they identified as the world's largest residential proxy network, operated by IPIDEA. The scale of this operation is staggering. In just a single seven-day period in January 2026, researchers observed over 550 individual threat groups utilising this network to obfuscate their activities. These included state-sponsored groups from China, DPRK, Iran and Russia.

The research revealed that IPIDEA controlled multiple ostensibly independent proxy and VPN brands, creating a vast ecosystem designed to enrol consumer devices without explicit user consent. Devices were enrolled through:

* Software Development Kits (SDKs) embedded in legitimate applications
* Pre-installed proxy software on devices
* Trojanised applications downloaded by unsuspecting users

## Why Residential Proxies Are So Effective

Traditional security measures struggle against residential proxy networks for several reasons:

### 1. Legitimate Appearance

Traffic from residential proxies appears identical to genuine user traffic. The IP addresses are properly registered to real ISPs and tied to actual physical locations. This makes IP-based blocking and reputation systems significantly less effective.

### 2. Geographic Precision

Attackers can select IP addresses from specific countries, cities, or even neighbourhoods. This enables highly targeted attacks that bypass geographic restrictions and appear to originate from trusted locations.

### 3. Vast IP Pools

Large residential proxy networks provide access to millions of IP addresses. Even if one IP is blocked, attackers can immediately switch to another, making sustained blocking efforts nearly impossible.

### 4. Bypass of Anti-Fraud Systems

According to research by Trend Micro, residential proxy providers have become full-fledged enablers of cybercrime specifically because they allow criminals to circumvent anti-fraud and IT security systems that rely on IP reputation, geolocation or rate limiting.

## The Cybercrime Ecosystem Connection

Residential proxies have become a critical component of the broader Cybercrime-as-a-Service ecosystem. The ACSC's Annual Cyber Threat Report 2024-25 identifies bulletproof hosting (which includes residential proxy services) as one of the key enabling services that allow cybercriminals to operate at scale.
These services are advertised on underground forums as secure and resilient cyber infrastructure. Critically, bulletproof hosting providers knowingly participate in the cybercrime ecosystem, refusing to abide by law enforcement takedown requests and ignoring abuse complaints from victims.

The NCSC's Cyber Threat Report 2025 notes that hacktivist groups and state-sponsored actors increasingly use residential proxy networks to obfuscate their activities. The line between state-sponsored operations and hacktivist activities has blurred, with states using proxies, supporting 'true believer' actors, or simply turning a blind eye to malicious activity emanating from within their borders.

## Implications for Australian and New Zealand Organisations

For Insicon Cyber's clients and organisations across the trans-Tasman region, the rise of residential proxies creates several critical security challenges:

### Reduced Effectiveness of Traditional Defences

IP-based blocklists and reputation systems become significantly less effective when attackers can route traffic through legitimate residential IP addresses. Organisations can no longer rely solely on these traditional controls.

### Increased Attack Surface

The growth of remote work since COVID-19 has expanded the number of vulnerable edge devices. More home routers and personal devices connected to corporate networks create more potential entry points for compromise.

### Detection Challenges

Malicious activity routed through residential proxies is significantly harder to detect. Standard security monitoring that flags unusual IP addresses or geographic anomalies will miss attacks originating from legitimate-looking residential connections.
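
The detection gap described above, shown on a small login log. This is an added example, not code from the original article or from Insicon Cyber: a per-IP failure threshold stays silent when every attempt arrives from a different residential address, while the same window keyed on a device fingerprint does not. The log format, the `fp` fingerprint column, the thresholds and every sample value are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=10)
# Constructed sample log (documentation IP ranges): time, source IP, account,
# device fingerprint, result. The fingerprint field is an assumed log column.
LOG = """\
2026-01-12T09:00:05 203.0.113.10 alice fp-home-1 fail
2026-01-12T09:00:20 203.0.113.10 alice fp-home-1 ok
2026-01-12T09:01:00 198.51.100.7 bob fp-x9 fail
2026-01-12T09:01:40 192.0.2.44 carol fp-x9 fail
2026-01-12T09:02:15 198.51.100.93 dave fp-x9 fail
2026-01-12T09:03:05 203.0.113.201 erin fp-x9 fail
2026-01-12T09:03:50 192.0.2.130 frank fp-x9 ok
"""

def parse(log):
    rows = (line.split() for line in log.splitlines())
    return [{"ts": datetime.fromisoformat(ts), "ip": ip, "account": acct,
             "fp": fp, "ok": res == "ok"} for ts, ip, acct, fp, res in rows]

def flag(events, key, measure, threshold):
    """Return {key value: peak score} for keys whose score reaches threshold in any WINDOW."""
    groups = defaultdict(list)
    for e in sorted(events, key=lambda e: e["ts"]):
        groups[e[key]].append(e)
    hits = {}
    for k, evs in groups.items():
        start = 0
        for end, e in enumerate(evs):
            while e["ts"] - evs[start]["ts"] > WINDOW:
                start += 1  # slide the window forward
            score = measure(evs[start:end + 1])
            if score >= threshold:
                hits[k] = max(hits.get(k, 0), score)
    return hits

def by_ip(events):
    # Traditional control: 5 or more failed logins from one IP inside WINDOW.
    return flag(events, "ip", lambda w: sum(not e["ok"] for e in w), 5)

def by_fingerprint(events):
    # Session-based control: one device fingerprint seen from 4+ IPs inside WINDOW.
    return flag(events, "fp", lambda w: len({e["ip"] for e in w}), 4)

def accounts_to_review(events):
    # Accounts with a successful login from a flagged fingerprint.
    bad = by_fingerprint(events)
    return sorted({e["account"] for e in events if e["ok"] and e["fp"] in bad})
```

A fingerprint can itself be rotated or spoofed, so in practice this key is one signal among several rather than a replacement for the others.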

### Compliance Implications

For organisations subject to the Australian SOCI Act, Privacy Act, Essential Eight requirements, or New Zealand's Privacy Act 2020 and NZISM, the use of residential proxies by attackers complicates compliance efforts around access control, logging and incident detection.

## Adaptive Security: What Trans-Tasman Organisations Should Do

The ACSC and NCSC guidance is clear: organisations need to move beyond IP-based defences to connection-based and session-based access controls. Here's what Insicon Cyber recommends:

### 1. Implement Behavioural Analytics

Move from IP reputation to behavioural analysis. Monitor for anomalous patterns such as unusual access times, rapid sequential logins, abnormal data transfer volumes or unexpected geographic movements within short time frames.

### 2. Strengthen Session Management

Implement robust session-based controls including multi-factor authentication, device fingerprinting and continuous authentication throughout the session rather than just at login.

### 3. Secure Edge Devices

The ACSC emphasises the critical importance of securing edge devices. Organisations should:

* Regularly update and patch all edge devices (routers, firewalls, VPN endpoints)
* Change default credentials immediately
* Disable unnecessary services and ports
* Implement network segmentation to limit the impact of compromised devices

### 4. Deploy Adaptive Security Operations

Insicon Cyber's adaptive Security Operations Centre (aSOC) approach provides continuous monitoring that goes beyond traditional signature-based detection. Our intelligence-driven platform identifies threats based on behaviour and context, not just IP reputation.

### 5. Enhance Logging and Monitoring

Comprehensive logging of connection metadata (not just IP addresses) enables better detection of residential proxy usage. Log session duration, data transfer patterns, user agent strings and behavioural characteristics.

### 6. Educate Your Workforce

Remote workers need to understand the risks of compromised home networks. Provide guidance on:

* Securing home routers and IoT devices
* Avoiding suspicious applications and software downloads
* Recognising signs of device compromise

## Three Critical Questions for Your Organisation

The NCSC's Cyber Threat Report 2025 poses three essential questions that every Australian and New Zealand organisation should ask:

1. Do we have the relationships, systems and processes to provide early warning and coordinated response?
   When residential proxies are used against your organisation, will you detect it in time? Do you have the monitoring capabilities and incident response procedures in place?
2. Are we confident in our ability to detect sophisticated actors using living-off-the-land techniques?
   Attackers using residential proxies often employ subtle techniques that blend with normal traffic. Can your security operations team identify these threats?
3. Have we tested our ability to respond to sophisticated intrusions designed not just to steal, but to remain undetected?
   Regular testing and validation of detection capabilities is essential. Tabletop exercises and red team assessments should include scenarios involving residential proxy networks.

## Moving Forward: Adaptive Protection for an Evolving Threat Landscape

Residential proxies represent a fundamental shift in how cybercriminals and state-sponsored actors operate. The effectiveness of traditional IP-based defences continues to diminish as these networks grow.

For organisations across Australia and New Zealand, this isn't a theoretical future threat. It's happening now, evidenced by the ACSC's report of 120+ edge device compromises in a single year and the massive botnet affecting hundreds of thousands of devices globally.

The path forward requires adaptive, intelligence-driven security that focuses on behaviour rather than just origin.
It requires comprehensive partnership between strategic advisory and operational delivery. And it requires trans-Tasman organisations to move beyond compliance checkboxes to genuine cyber resilience.

At Insicon Cyber, we've built our services around this reality. From boardroom strategy to 24/7 adaptive security operations, we provide the comprehensive cybersecurity partnership that Australian and New Zealand businesses need to stay protected against evolving threats like residential proxy networks.

### Ready to Strengthen Your Defences?

Contact Insicon Cyber to discuss how our adaptive security operations can help your organisation detect and respond to threats routed through residential proxy networks. Our trans-Tasman team brings global threat intelligence and regional regulatory expertise to protect what matters most.

## Sources and Further Reading

Australian Cyber Security Centre:

* ACSC Annual Cyber Threat Report 2024-25: https://cyber.gov.au
* PRC-Linked Actors Compromise Routers and IoT Devices for Botnet Operations: Available at cyber.gov.au

New Zealand National Cyber Security Centre:

* NCSC Cyber Threat Report 2025: https://www.ncsc.govt.nz
* PRC MSS Tradecraft in Action: https://www.ncsc.govt.nz/alerts/prc-mss-tradecraft-in-action/

* Google Cloud Blog: Disrupting the World's Largest Residential Proxy Network: https://cloud.google.com/blog/topics/threat-intelligence/disrupting-largest-residential-proxy-network
* Trend Micro: The Rise of Residential Proxies: https://www.trendmicro.com/vinfo/us/security/news/cybercrime-and-digital-threats/the-rise-of-residential-proxies-and-its-impact-on-cyber-risk-exposure-management
* Oxylabs: What is a Residential Proxy: https://oxylabs.io/blog/what-is-residential-proxy
* Octo Browser: Residential Proxies and How They Work: https://blog.octobrowser.net/residential-proxies-and-how-they-work

Insicon Cyber is the ANZ region's trusted cybersecurity partner, uniquely positioned to bridge the gap between boardroom strategy and operational excellence. We deliver comprehensive cybersecurity solutions from executive advisory to managed security services, enabling Australian and New Zealand businesses to stay compliant, resilient and future-ready in an evolving threat landscape.