Tunneling Protocol Flaws Let Threat Actors Hijack 4.2 Million Internet Hosts
Cybercriminals Exploit Tunneling Protocol Vulnerabilities to Hijack 4.2 Million Internet Hosts
A recent analysis has revealed that threat actors have successfully infiltrated 4.2 million VPN servers, routers, and other internet-connected devices by exploiting vulnerabilities across four major tunneling protocols. The attacks, which include denial-of-service, SYN flooding, TCP hijacking, and Wi-Fi breaches, have disproportionately impacted the U.S., Brazil, China, France, and Japan.
These tunneling flaws allow malicious actors to manipulate traffic by spoofing source addresses and routing packets, effectively disguising nefarious activity as legitimate. Jason Soroko, a senior fellow at Sectigo, emphasized the urgency for security and networking teams to take action. He recommended restricting tunneled traffic to trusted endpoints, validating source addresses rigorously, applying the latest patches, and strengthening firewall rules to mitigate risks.
Trey Ford, chief information security officer at Bugcrowd, echoed these concerns, stressing the importance of limiting exposure to unexpected traffic. "Any device connected to the internet is vulnerable to uninvited traffic," he said. "Narrowing the scope of where listening services accept requests is critical. If certain services aren’t in use, they should be shut down entirely."
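The two filtering recommendations above (accept tunneled traffic only from trusted endpoints, and validate source addresses) can be sketched as a packet check. This is an added example, not code from the article or the researchers; the article does not name the protocols, so the protocol numbers, peer address and prefixes below are assumptions, and the inner-source check is limited to IPv4-in-IPv4.

```python
import ipaddress
import struct

# Assumption (not named in the article): IANA protocol numbers for
# IP-in-IP (4), IPv6-in-IPv4 (41) and GRE (47).
TUNNEL_PROTOS = {4, 41, 47}
# Constructed policy: trusted outer peer -> inner prefixes it may source.
TRUSTED_PEERS = {"198.51.100.10": [ipaddress.ip_network("10.20.0.0/16")]}

def check_packet(pkt: bytes) -> str:
    """Classify a raw IPv4 packet against the tunnel policy above."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return "drop:malformed"
    ihl = (pkt[0] & 0x0F) * 4
    if ihl < 20 or len(pkt) < ihl:
        return "drop:malformed"
    proto = pkt[9]
    if proto not in TUNNEL_PROTOS:
        return "not-tunnel"
    # Check 1: the outer source must be a configured tunnel endpoint.
    allowed = TRUSTED_PEERS.get(str(ipaddress.ip_address(pkt[12:16])))
    if allowed is None:
        return "drop:untrusted-peer"
    if proto != 4:
        return "accept:inner-unchecked"  # GRE/6in4 inner parsing not shown
    # Check 2: the inner source must fall inside that peer's prefixes.
    inner = pkt[ihl:]
    if len(inner) < 20 or inner[0] >> 4 != 4:
        return "drop:malformed-inner"
    inner_src = ipaddress.ip_address(inner[12:16])
    if not any(inner_src in net for net in allowed):
        return "drop:spoofed-inner-source"
    return "accept"

def ipv4(src: str, dst: str, proto: int, payload: bytes = b"") -> bytes:
    """Build a minimal IPv4 packet (checksum zero) for the constructed samples."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                       proto, 0, ipaddress.ip_address(src).packed,
                       ipaddress.ip_address(dst).packed) + payload

# Constructed sample packets (documentation address ranges).
GOOD = ipv4("198.51.100.10", "203.0.113.1", 4, ipv4("10.20.1.5", "192.0.2.7", 6))
UNKNOWN_PEER = ipv4("192.0.2.99", "203.0.113.1", 4, ipv4("10.20.1.5", "192.0.2.7", 6))
SPOOFED = ipv4("198.51.100.10", "203.0.113.1", 4, ipv4("203.0.113.1", "192.0.2.7", 6))

if __name__ == "__main__":
    for name, pkt in [("good", GOOD), ("unknown peer", UNKNOWN_PEER), ("spoofed", SPOOFED)]:
        print(f"{name}: {check_packet(pkt)}")
```

In production the same policy belongs in the firewall or the tunnel endpoint configuration; the sketch only makes the two decisions explicit.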
The findings underscore the growing sophistication of cyberattacks and the need for organizations to adopt proactive measures to safeguard their networks. Security experts urge businesses to reassess their protocols, invest in robust defenses, and remain vigilant against evolving threats.
For those looking to bolster their network security, understanding these vulnerabilities and implementing practical strategies is essential to staying ahead of increasingly sophisticated cybercriminals.
