Threat actors have taken over 4.2 million VPN servers, routers, and other internet hosts by exploiting vulnerabilities across four tunneling protocols, SC Media reports.
Most of the intrusions — which include denial-of-service, SYN flooding, TCP hijacking, and Wi-Fi attacks — have impacted the U.S., Brazil, China, France, and Japan, an analysis from Top10VPN researchers found.
Such tunneling flaws, which could legitimize malicious traffic through source address and route packet spoofing, should prompt security and networking teams to accept tunneled traffic only from trusted endpoints and with appropriate source validation, apply up-to-date patches, and implement more robust firewall rules, according to Jason Soroko, senior fellow at Sectigo.
Similar sentiments have been shared by Trey Ford, chief information security officer at Bugcrowd.
"Anything connected to the internet is exposed to unexpected and uninvited traffic — narrowing the scope of where listening services are willing to accept requests from is always a good idea," said Ford. "If customers are not using these services, they should be shut down."
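The trusted-endpoint and source-validation checks recommended above, sketched as receive-side filter logic in an added example that is not from SC Media, Top10VPN, or either vendor. It assumes the tunnels are IPv4-in-IP, IPv6-in-IP, and GRE (IANA protocol numbers 4, 41, and 47, which the article does not name); the peer address, prefix, and helper names are constructed for illustration.

```python
import ipaddress
import struct

TUNNEL_PROTOS = {4, 41, 47}  # assumed tunnel types: IPv4-in-IP, IPv6-in-IP, GRE

# Constructed policy: trusted tunnel endpoint -> inner source prefixes it may carry.
TRUSTED_PEERS = {"198.51.100.7": [ipaddress.ip_network("10.20.0.0/16")]}

def inner_source(proto, payload):
    """Return the encapsulated packet's source address, or None if unparseable."""
    if proto == 47:  # GRE: 4-byte base header plus optional checksum/key/sequence
        if len(payload) < 4:
            return None
        flags = payload[0]
        payload = payload[4 + 4 * sum(bool(flags & b) for b in (0x80, 0x20, 0x10)):]
    if not payload:
        return None
    version = payload[0] >> 4
    if version == 4 and len(payload) >= 20:
        return ipaddress.ip_address(payload[12:16])
    if version == 6 and len(payload) >= 40:
        return ipaddress.ip_address(payload[8:24])
    return None

def verdict(packet, peers=TRUSTED_PEERS):
    """Decide what to do with a received IPv4 packet given as bytes."""
    ihl = (packet[0] & 0x0F) * 4 if packet else 0
    if len(packet) < 20 or packet[0] >> 4 != 4 or ihl < 20:
        return "drop: malformed outer header"
    proto = packet[9]
    if proto not in TUNNEL_PROTOS:
        return "pass: not tunneled"
    # Check 1: the outer source must be a configured tunnel endpoint.
    prefixes = peers.get(str(ipaddress.ip_address(packet[12:16])))
    if prefixes is None:
        return "drop: untrusted tunnel endpoint"
    # Check 2: the inner source must fall in a prefix assigned to that endpoint.
    src = inner_source(proto, packet[ihl:])
    if src is None or not any(src in net for net in prefixes):
        return "drop: inner source fails validation"
    return "accept"

def ipv4(src, dst, proto, payload=b""):
    """Build a minimal IPv4 packet (checksum left zero) for constructed samples."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
                       ipaddress.ip_address(src).packed,
                       ipaddress.ip_address(dst).packed) + payload
```

The outer source of a stateless tunnel packet can itself be spoofed, so the allowlist narrows exposure without authenticating the peer.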