Multiple unauthenticated tunneling protocols expose over 4.2 million hosts, including VPNs and routers, to spoofing and DDoS attacks. Because these protocols lack authentication or encryption, the exposed hosts are vulnerable to hijacking for anonymous attacks and network access, and the protocols also enable new amplification DDoS attacks.
The Russian state-sponsored APT group BlueAlpha is using Cloudflare Tunnels to distribute custom malware, such as GammaDrop and GammaLoad. They employ spearphishing with malicious HTML attachments to evade detection and maintain persistent access to compromised networks. This activity highlights the abuse of trusted infrastructure for malicious purposes.