How 4.2 Million Internet Hosts Were Hijacked: What You Need to Know
What happened?
Researchers have discovered vulnerabilities in four tunneling protocols that allowed attackers to hijack 4.2 million internet hosts, including VPN servers, home routers, and enterprise devices. These attacks target both corporate and home networks, letting cybercriminals abuse these devices as one-way proxies for anonymous attacks.
How do these attacks work?
Attackers exploit bugs in tunneling protocols to launch:
Denial-of-Service (DoS) attacks: Overloading systems to cause disruptions.
DNS spoofing: Redirecting users to malicious websites.
Unauthorized access: Gaining entry to private networks or IoT devices.
SYN floods: Sending a flood of TCP connection requests (SYN packets) to crash systems.
These attacks can make malicious traffic appear legitimate by spoofing source addresses, bypassing basic defenses.
Where are these attacks happening?
Most of these attacks have occurred in:
Brazil
China
France
Japan
The United States
This highlights how widespread and impactful these vulnerabilities are.
What should you do to stay protected?
Experts recommend taking these steps to safeguard your systems:
Use trusted endpoints: Ensure tunneling traffic is only accepted from verified sources.
Update software: Apply vendor patches for affected devices and services.
Harden configurations: Secure your network with strict firewall rules and robust authentication checks.
Disable unused services: Turn off tunneling services if you don’t need them.
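The "use trusted endpoints" step, sketched as an added example (not code from the research or from any vendor): a check that accepts encapsulated packets only when the outer source address belongs to a configured tunnel peer. The protocol numbers are the IANA values for IPIP, IPv6-in-IPv4 and GRE, chosen for illustration because the article does not name the four affected protocols; the peer list, addresses and function names are hypothetical.

```python
import ipaddress
import struct

# IANA IP protocol numbers for common tunnel encapsulations (illustrative;
# the article does not name the four affected protocols).
TUNNEL_PROTOCOLS = {4: "IPIP", 41: "IPv6-in-IPv4", 47: "GRE"}

# Hypothetical allowlist of configured tunnel peers (documentation ranges).
TRUSTED_PEERS = [ipaddress.ip_network("192.0.2.10/32"),
                 ipaddress.ip_network("198.51.100.0/28")]


def classify(packet: bytes, trusted=TRUSTED_PEERS) -> str:
    """Return 'pass', 'accept-tunnel', 'drop-tunnel' or 'drop-malformed'."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return "drop-malformed"          # too short or not IPv4
    ihl = (packet[0] & 0x0F) * 4         # header length in bytes
    if ihl < 20 or len(packet) < ihl:
        return "drop-malformed"
    proto = packet[9]                    # outer protocol field
    src = ipaddress.ip_address(packet[12:16])
    if proto not in TUNNEL_PROTOCOLS:
        return "pass"                    # not tunnel traffic; other rules apply
    if any(src in net for net in trusted):
        return "accept-tunnel"
    return "drop-tunnel"                 # encapsulated packet from unknown host


def build_ipv4(src: str, dst: str, proto: int, payload: bytes = b"") -> bytes:
    """Build a minimal IPv4 packet (checksum left at 0) for the samples below."""
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0,
                         64, proto, 0,
                         ipaddress.ip_address(src).packed,
                         ipaddress.ip_address(dst).packed)
    return header + payload


# Constructed sample packets, not captured traffic.
SAMPLES = {
    "gre_from_peer": build_ipv4("192.0.2.10", "203.0.113.5", 47),
    "gre_from_stranger": build_ipv4("203.0.113.77", "203.0.113.5", 47),
    "ipip_from_stranger": build_ipv4("203.0.113.77", "203.0.113.5", 4),
    "tcp_from_stranger": build_ipv4("203.0.113.77", "203.0.113.5", 6),
}

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        print(f"{name:20s} -> {classify(pkt)}")
```

A source-address allowlist can still be satisfied by a spoofed outer address, so it complements the authentication checks in the hardening step and does not replace them.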
Why this matters for your supply chain and TPRM
Supply chains and third-party relationships depend heavily on secure networks and devices. Vulnerabilities in tunneling protocols can expose businesses to risks, including:
Compromised vendor systems leading to breaches.
Disruptions in supply chain operations due to DoS attacks.
Data theft from insecure IoT devices used in logistics.
Identify vulnerable vendors: Assess third-party systems for outdated or unpatched devices.
Enforce security standards: Require vendors to harden their network devices and apply patches.
Monitor real-time risks: Use tools to track potential threats in your supply chain.
Take the next step with our TPRM services
Our TPRM cloud solutions are designed to protect your supply chain by identifying and managing vendor risks. Whether it’s securing tunneling protocols or safeguarding IoT devices, we help you:
Evaluate vendor cybersecurity practices.
Monitor risks continuously.
Strengthen your overall resilience.
The recent tunneling protocol vulnerabilities are a wake-up call for businesses relying on digital systems. By taking proactive steps to secure your network and embracing TPRM, you can stay ahead of threats while ensuring your supply chain remains robust and resilient.