Numerous lawsuits against almost all VPN providers have been filed for copyright infringement and digital piracy. The majority have been unsuccessful and have legally established that the so called “no log” providers provide services as advertised and do not retain logs of unencrypted traffic. However, intermediary services, such as SOCKS5 proxy services, do allow for the examination or potential logging of activity, and therefore, are actionable in such lawsuits.

One side effect of this legal activity is that it drives the provision of such content further underground, where it is more likely that consumers will access infected content with embedded malware. Access via trojans is often sold as a packaged service to other threat groups, which can provide footholds for more serious threats. Organizations should monitor these potential avenues of attack carefully, particularly in work from home (WFH) and bring your own device (BYOD) scenarios. Access tokens and passwords to secure organizational VPN infrastructure can be stolen in a BYOD scenario if the device is compromised. Multifactor Authentication (MFA), geographical policies, lateral movement policies which alert or remove access if multiple impossible logins are observed, and a robust post-exploitation defense-in-depth strategy are all necessary mitigations in today’s threat environment.

https://www.bleepingcomputer.com/news/security/vpn-provider-bans-bittorrent-after-getting-sued-by-film-studios/