Update, 24 Feb, 2021: A spokeswoman for Powerhouse informs us that the company patched the vulnerability within an hour of discovery and, after analyzing its infrastructure, reports that its servers weren't breached. The company pins the blame for the vulnerability on the Chameleon protocol that helps circumvent VPN blocks.
She adds, “Powerhouse currently has measures in place within the software development process to identify and mitigate potential security vulnerabilities or exploits. The company continues its evaluation and is updating its practices to detect and mitigate these types of vulnerabilities in the future.”
The original article continues below
Botnet operators have managed to infiltrate the servers of VPN provider Powerhouse Management and are exploiting them to launch Distributed Denial of Service (DDoS) attacks.
Details about the compromised servers were shared by an anonymous security researcher with ZDNet last week.
Although Powerhouse failed to answer emails from both the security researcher and ZDNet, the latter has learnt that the compromised VPN servers have already been weaponized and are in use in real-world attacks - although TechRadar Pro has been unable to verify the authenticity of these claims.
Thousands of servers at risk
According to the anonymous security researcher, who shared his findings publicly on GitHub, the threat actors have managed to find and exploit a service running on UDP port 20811 on Powerhouse’s servers.
“Powerhouse Management products - either Outfox (a latency reduction VPN service) or VyprVPN (a general vpn service) are exposing an interesting port - port 20811 which provides a massive data and packet amplification factor when probed with any single byte request,” the researcher observed.
What this means is that attackers can use this port to bounce an amplified packet to the IP address of the victim of the DDoS attack. The researcher notes that a scan reveals over 1500 Powerhouse VPN servers that have UDP port 20811 exposed and can potentially be used to launch a DDoS attack.
The researcher told ZDNet that while Powerhouse has servers all over the world, the most vulnerable seem to be “in the UK, Vienna, and Hong Kong.”
Until Powerhouse responds and addresses the issue, the researcher suggests that network admins block any traffic that comes from port 20811, in order to mitigate the risk of a DDoS attack against their networks.
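For network admins who want to see whether such traffic is already reaching them before applying the block, the following added example (not from the researcher's report or from Powerhouse) summarizes flow records by destination for UDP packets arriving from source port 20811. The CSV column names, the thresholds and the sample records are assumptions constructed for illustration.

```python
"""Flag likely reflection traffic from UDP source port 20811 in flow records."""
import csv
import io
from collections import defaultdict

REFLECTOR_PORT = 20811  # UDP port named in the researcher's report

# Constructed sample flow export (documentation-range addresses, not real data).
SAMPLE_FLOWS = """\
proto,src_ip,src_port,dst_ip,dst_port,bytes
udp,198.51.100.10,20811,192.0.2.50,41822,48000
udp,198.51.100.11,20811,192.0.2.50,41822,51000
udp,198.51.100.12,20811,192.0.2.50,53011,47500
udp,203.0.113.7,53,192.0.2.50,40111,180
tcp,203.0.113.9,20811,192.0.2.50,443,900
udp,198.51.100.10,20811,192.0.2.77,50000,300
"""

def summarize_reflection(flow_csv, min_sources=2, min_bytes=10_000):
    """Return {dst_ip: (distinct_sources, total_bytes)} for destinations that
    receive UDP traffic sourced from REFLECTOR_PORT above both thresholds.
    The thresholds are assumed values; tune them to the local baseline."""
    sources = defaultdict(set)
    volume = defaultdict(int)
    for row in csv.DictReader(io.StringIO(flow_csv)):
        if row["proto"].lower() != "udp":
            continue  # the reported service listens on UDP
        if int(row["src_port"]) != REFLECTOR_PORT:
            continue
        sources[row["dst_ip"]].add(row["src_ip"])
        volume[row["dst_ip"]] += int(row["bytes"])
    return {
        dst: (len(srcs), volume[dst])
        for dst, srcs in sources.items()
        if len(srcs) >= min_sources and volume[dst] >= min_bytes
    }

def should_drop(proto, src_port):
    """The suggested filter, applied here to UDP: drop packets from port 20811."""
    return proto.lower() == "udp" and int(src_port) == REFLECTOR_PORT

if __name__ == "__main__":
    for dst, (n, total) in summarize_reflection(SAMPLE_FLOWS).items():
        print(f"{dst}: {n} reflectors, {total} bytes from UDP/{REFLECTOR_PORT}")
```
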
Via: ZDNet