Residential Proxies and Infecting Infrastructure Working Session

This 10-minute report will offer a summary of conclusions of the 4-h working session on
residential proxies that the Global Cyber Alliance will host on May 18, as a parallel event of RIPE
92. The session will focus on the growing challenge of “infecting infrastructure”—compromised
devices, abused services, and proxy endpoints embedded within legitimate networks that
enable large-scale cyberattacks.
Building on prior similar workshops on actionable data and collective defense, the discussion
will examine how fragmented detection and response mechanisms allow infected infrastructure
to persist as a systemic threat. Particular attention will be given to residential proxy abuse,
whether driven by infected consumer devices or commercial proxy networks, as a rapidly
expanding enabler of fraud, malware delivery, account takeover, exploitation, and security
control evasion.
Participants in the session will explore the operational realities of this threat landscape,
including uneven visibility, uncertain attribution, limited incentives for remediation, and
persistent coordination failures across stakeholders, trying to move beyond broad problem
statements towards practical mitigation strategies. Key themes will include assessing current
collective knowledge and blind spots surrounding residential proxy abuse, defining a realistic
“good state” focused on faster detection, containment and harm reduction, and identifying
which actors are best positioned to influence outcomes. The session will also examine the
resources, partnerships, and policy mechanisms needed to close existing coordination gaps,
with the final objective to highlight concrete, achievable actions for the next 6–12 months