Popular VPN service hijacked to carry out massive DDoS attacks
Network admins should take steps to keep their servers safe following attack
Update, 24 Feb, 2021: A spokeswoman for Powerhouse informs us that they’ve patched the vulnerability within an hour of discovery, and after analyzing their infrastructure, report that their servers weren’t breached. The company pins the blame for the vulnerability on the Chameleon protocol that helps circumvent VPN blocks.
She adds, “Powerhouse currently has measures in place within the software development process to identify and mitigate potential security vulnerabilities or exploits. The company continues its evaluation and is updating its practices to detect and mitigate these types of vulnerabilities in the future.”
The original article continues below
Botnet operators have managed to infiltrate the servers of VPN provider Powerhouse Management and are exploiting them to launch Distributed Denial of Service (DDoS) attacks.
Details about the compromised servers were shared by an anonymous security researcher with ZDNet last week.
Even as Powerhouse failed to answer emails from both the security researcher and ZDNet, the latter has learnt that the compromised VPN servers have already been weaponized and are in use in real-world attacks, although TechRadar Pro has been unable to verify the authenticity of these claims.
Thousands of servers at risk
As per the anonymous security researcher, who shared his findings publicly on GitHub, the threat actors have managed to find and exploit a service running on UDP port 20811 on Powerhouse’s servers.
“Powerhouse Management products - either Outfox (a latency reduction VPN service) or VyprVPN (a general vpn service) are exposing an interesting port - port 20811 which provides a massive data and packet amplification factor when probed with any single byte request,” the researcher observed.
What this means is that attackers can use this port to bounce an amplified packet to the IP address of the victim of the DDoS attack. The researcher notes that a scan reveals over 1500 Powerhouse VPN servers with UDP port 20811 exposed, each of which could potentially be used to launch a DDoS attack.
The researcher told ZDNet that while Powerhouse has servers all over the world, the most vulnerable seem to be “in the UK, Vienna, and Hong Kong.”
Until Powerhouse responds and addresses the issue, the researcher suggests that network admins block any traffic that comes from port 20811, in order to mitigate the risk of a DDoS attack against their networks.
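As an added example (not from the article or from the researcher’s published findings), the following Python script flags the pattern a victim’s network would see during such an attack: many distinct hosts sending large UDP packets from source port 20811 toward one destination. The flow records, field layout and thresholds are constructed for illustration.

```python
from collections import defaultdict

# UDP port the article reports as an amplifier on exposed Powerhouse VPN servers.
AMPLIFIER_PORTS = {20811: "Powerhouse VPN (Outfox/VyprVPN)"}

def parse_flows(text):
    """Parse lines of 'src src_port dst dst_port proto packets bytes' (constructed layout)."""
    flows = []
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        s, sp, d, dp, proto, pk, by = line.split()
        flows.append({"src": s, "sport": int(sp), "dst": d, "dport": int(dp),
                      "proto": proto.lower(), "packets": int(pk), "bytes": int(by)})
    return flows

def detect_reflection(flows, min_reflectors=2, min_avg_bytes=500):
    """Group UDP flows by (victim, source port). Alert when at least min_reflectors
    distinct hosts feed one victim from the same source port with packets averaging
    min_avg_bytes or more: amplified replies arriving at a spoofed victim address."""
    groups = defaultdict(lambda: {"hosts": set(), "packets": 0, "bytes": 0})
    for f in flows:
        if f["proto"] != "udp":
            continue
        g = groups[(f["dst"], f["sport"])]
        g["hosts"].add(f["src"])
        g["packets"] += f["packets"]
        g["bytes"] += f["bytes"]
    alerts = {}
    for (victim, sport), g in groups.items():
        avg = g["bytes"] // g["packets"] if g["packets"] else 0
        if len(g["hosts"]) >= min_reflectors and avg >= min_avg_bytes:
            alerts[(victim, sport)] = {"reflectors": len(g["hosts"]), "bytes": g["bytes"],
                                      "avg_pkt": avg, "service": AMPLIFIER_PORTS.get(sport, "unknown")}
    return alerts

# Constructed sample flow records (documentation-range addresses, not real traffic).
SAMPLE_FLOWS = """
# src src_port dst dst_port proto packets bytes
203.0.113.10 20811 198.51.100.5 443 udp 1200 1500000
203.0.113.11 20811 198.51.100.5 443 udp 980 1230000
203.0.113.12 20811 198.51.100.5 443 udp 1500 1900000
192.0.2.7 53 198.51.100.20 41122 udp 2 300
192.0.2.9 20811 198.51.100.9 50000 udp 1 90
"""

if __name__ == "__main__":
    for (victim, port), a in detect_reflection(parse_flows(SAMPLE_FLOWS)).items():
        print(f"{victim} <- {a['reflectors']} reflectors via udp/{port} ({a['service']}), {a['bytes']} bytes")
```

Only the three-host flood toward 198.51.100.5 is reported; the single lookup from port 53 and the lone small packet from port 20811 fall below the thresholds.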
Via: ZDNet
With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’s TechRadar Pro’s expert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.