New vulnerabilities discovered in four tunneling protocols have led to the hijacking of 4.2 million internet hosts, including VPN servers, home routers, and enterprise routers, allowing attackers to exploit these devices and access both corporate and home networks.
The vulnerable hosts can be misused as one-way proxies, facilitating anonymous attacks on private networks, according to a blog post from Top10VPN researchers published on January 15. These attacks include new denial-of-service (DoS) techniques and DNS spoofing, which can enable additional forms of cyberattacks such as TCP hijacking, SYN floods, and Wi-Fi attacks.
Researchers noted that the majority of the attacks have been concentrated in Brazil, China, France, Japan, and the United States.
Jason Soroko, senior fellow at Sectigo, explained that these vulnerabilities allow attackers to spoof source addresses and route packets through compromised hosts, making malicious traffic appear legitimate. Soroko emphasized the risk of various attacks this vulnerability enables, including stealthy DDoS, DNS spoofing, unauthorized network access, and potential IoT device infiltration.
“Security and networking teams should ensure that tunneled traffic is only accepted from trusted endpoints,” Soroko advised. “Proper source validation, applying vendor patches, and deploying strict firewall rules can significantly reduce exposure. Strengthening tunneling configurations and ensuring that authentication checks are in place can help prevent attackers from exploiting these protocols for anonymous attacks.”
Trey Ford, chief information security officer at Bugcrowd, noted that tunneling and amplification-based attacks have been a recurring issue for several decades, with a range of protocols targeted over time, including SYN flood DoS attacks in the ’90s, DNS recursion in the early 2000s, and more recently, protocols such as NTP, LDAP, and Memcached.
“Security teams should focus on strengthening edge devices,” Ford recommended. “Devices connected to the internet are vulnerable to unexpected and uninvited traffic. Limiting the scope of where services accept requests and disabling unused services can reduce potential risks.”
Explore supply chain logistics news updates at The Supply Chain Report. Learn more about international trade at ADAMftd.com.
#InternetSecurity #TunnelingProtocols #CyberSecurity #HostHijacking #DataProtection #NetworkVulnerabilities #TechNews
