New research has suggested that not all VPN solutions are particularly trustworthy. A study by cyber threat data provider WhoisXML API looking at 1,540 IP ranges connected to known VPN data centers and service providers found that a number had been associated with malicious activity.
After running all the IP addresses against various blacklists (the Passive Spam Blocklist and the Feodo Tracker Botnet C2 IP Blocklists), WhoisXML API found that 89 of them had previously been cited for malicious activity and were blacklisted as a result.
In addition, by investigating the logs of a small private server, the researchers were also alerted to 904 IP addresses from which apparently malicious and unwanted SSH login attempts were made over a five-day period – 14 of these attempts came from VPN-connected malicious IP addresses.
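The cross-check described above, as an added example that is not WhoisXML API's code: failed SSH logins are pulled from a server log and matched against VPN IP ranges and a blocklist. The ranges, blocklist entries and log lines are constructed for illustration and use documentation-only addresses.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample data (RFC 5737 documentation addresses, not real indicators).
VPN_RANGES = ["198.51.100.0/24", "203.0.113.64/26"]   # hypothetical VPN provider ranges
BLOCKLIST = {"198.51.100.23", "192.0.2.77"}           # hypothetical blocklist entries
AUTH_LOG = """\
Mar  3 02:11:09 host sshd[811]: Failed password for root from 198.51.100.23 port 40122 ssh2
Mar  3 02:11:12 host sshd[811]: Failed password for invalid user admin from 198.51.100.23 port 40130 ssh2
Mar  3 02:14:40 host sshd[822]: Invalid user test from 192.0.2.77 port 51514
Mar  3 02:15:02 host sshd[830]: Failed password for invalid user oracle from 203.0.113.70 port 33810 ssh2
Mar  3 02:20:31 host sshd[841]: Accepted publickey for deploy from 192.0.2.10 port 50022 ssh2
Mar  3 02:21:55 host sshd[850]: Failed password for pi from 203.0.113.200 port 60100 ssh2
"""

# Matches two common OpenSSH failure messages and captures the source address.
FAILED = re.compile(
    r"sshd\[\d+\]: (?:Failed password for (?:invalid user )?\S+|Invalid user \S+) from (\S+)"
)

def failed_sources(log_text):
    """Count failed SSH login attempts per valid source IP."""
    counts = Counter()
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if not m:
            continue  # successful logins and unrelated lines are ignored
        try:
            counts[ipaddress.ip_address(m.group(1))] += 1
        except ValueError:
            continue  # hostname or garbled field; skip rather than guess
    return counts

def classify(counts, vpn_ranges, blocklist):
    """Label each source with VPN-range membership and blocklist status."""
    nets = [ipaddress.ip_network(r) for r in vpn_ranges]
    listed = {ipaddress.ip_address(b) for b in blocklist}
    return {
        str(ip): {"attempts": n, "vpn": any(ip in net for net in nets), "blocklisted": ip in listed}
        for ip, n in counts.items()
    }

def vpn_and_blocklisted(report):
    """Sources that sit in a VPN range and also appear on the blocklist."""
    return sorted(ip for ip, r in report.items() if r["vpn"] and r["blocklisted"])

if __name__ == "__main__":
    report = classify(failed_sources(AUTH_LOG), VPN_RANGES, BLOCKLIST)
    print("VPN-connected and blocklisted:", vpn_and_blocklisted(report))
```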
Out of the 89 malicious IP addresses found by WhoisXML API, 29 of them were owned by DigitalOcean, a US-based cloud infrastructure provider, which also owned 12 of the 14 IP addresses responsible for SSH login attempts. The fact that a single vendor was found in connection to the majority of suspicious IP addresses suggests that its policies surrounding its VPN services may need to be reinforced.
Increasingly, cyberattackers are using the poor security practices of some VPN providers to conduct illegal activity. Open VPN servers are easily abused, allowing criminals to get away with data theft and other malicious activity.
VPN deployment is increasingly common and while corporate use is well-established, consumer use is often associated with more shady actions – including hiding IP addresses to enable illegal activity. Now, research suggests that such activity comes with risks. Today, VPNs may be used widely but it appears that not all of them should be trusted.