• Cloudflare developer domains increasingly abused by threat actors

    From TechnologyDaily@1337:1/100 to All on Wednesday, December 04, 2024 16:30:05
    Cloudflare developer domains increasingly abused by threat actors

    Date:
    Wed, 04 Dec 2024 16:28:00 +0000

    Description:
    Criminals abused Cloudflare's good name in recent phishing attacks.

    FULL STORY
    ======================================================================
    Security pros from Fortra spot new phishing campaign abusing two Cloudflare domains.
    Pages and Workers are being used to bypass email protections and redirect people to phishing pages.
    The activity has risen significantly this year.

    Cybercriminals are abusing two Cloudflare domains to facilitate phishing attacks and push malware to their victims, researchers have claimed.

    New research from cybersecurity experts Fortra claims the trend is on the rise, especially compared to 2023.

    The domains, called pages.dev and workers.dev, are used to deploy web pages and serverless computing, and given Cloudflare's good standing in the general public's eye, allow the crooks to bypass different endpoint protection tools and successfully compromise their targets.

    A surge in abuse

    Pages is a free platform where front-end developers can deploy and host
    static websites, or JAMstack applications, directly from their Git
    repository, and into Cloudflare's Content Delivery Network (CDN).

    Workers, on the other hand, is a serverless platform for deploying and running JavaScript, TypeScript, or Rust code at the edge to build scalable and performant applications.

    Crooks, however, use them to host intermediary phishing pages that redirect victims towards the actual malicious sites. The attack starts with the usual phishing email, urging the victim to address a problem immediately. The email either carries a PDF file, or a link in the body itself. However, since the link points to Cloudflare's domains, most email security solutions don't flag it as suspicious or malicious.

    Victims are also more likely to let their guard down after seeing Cloudflare's name in the link, or the PDF file.
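
    Because the parent domain's reputation says nothing about an individual tenant, a mail pipeline can surface links under these two suffixes for review instead of passing them. The sketch below is an added example, not code from Fortra or Cloudflare; the function names, the sample message and all hostnames in it are constructed for illustration.

```python
import re
from email import message_from_string, policy
from urllib.parse import urlsplit

# Shared Cloudflare developer domains named in the article.
WATCHED_SUFFIXES = (".pages.dev", ".workers.dev")
URL_RE = re.compile(r"https?://[^\s\"'<>)\]]+", re.IGNORECASE)

def watched_host(url):
    """Return the hostname if it is a subdomain of a watched suffix, else None."""
    try:
        host = (urlsplit(url).hostname or "").lower().rstrip(".")
    except ValueError:  # malformed URL, e.g. a broken IPv6 literal
        return None
    return host if host.endswith(WATCHED_SUFFIXES) else None

def triage_email(raw):
    """List links under the watched suffixes and any PDF attachments to inspect."""
    msg = message_from_string(raw, policy=policy.default)
    links, pdfs = set(), []
    for part in msg.walk():
        ctype = part.get_content_type()
        if ctype == "application/pdf":
            pdfs.append(part.get_filename() or "(unnamed)")
        elif ctype in ("text/plain", "text/html"):
            for url in URL_RE.findall(part.get_content()):
                host = watched_host(url)
                if host:
                    links.add((host, url))
    return {"subject": str(msg["subject"]), "links": sorted(links), "pdfs": pdfs}

# Constructed sample message; every address and hostname below is made up.
SAMPLE = """\
From: billing@example.test
Subject: Invoice overdue - action required
Content-Type: multipart/alternative; boundary="b1"

--b1
Content-Type: text/plain; charset="utf-8"

Pay now: https://sample-constructed.pages.dev/view?id=1
Docs: https://developers.cloudflare.com/pages/
--b1
Content-Type: text/html; charset="utf-8"

<a href="https://sample.constructed-acct.workers.dev/r">Review</a>
<a href="https://pages.dev.example.test/login">Help</a>
--b1--
"""
```

    Matching on the hostname suffix rather than a substring keeps lookalikes such as pages.dev.example.test out of the results, and PDF attachments are only listed here, since links embedded in them need a separate parser.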

    "Fortra's SEA team has observed a 198% increase in phishing attacks on Cloudflare Pages, rising from 460 incidents in 2023 to 1,370 incidents as of mid-October 2024," the company said in its report. "With an average of approximately 137 incidents per month, the total volume of attacks is
    expected to surpass 1,600 by year-end, representing a projected
    year-over-year increase of 257%."

    Workers aren't faring much better, either. "We have witnessed a 104% surge in phishing attacks on this platform, climbing from 2,447 incidents in 2023 to 4,999 incidents year-to-date," the researchers added.

    "Currently averaging 499 incidents per month, the total volume is expected to reach almost 6,000 by year-end, reflecting a projected 145% increase compared to the previous year."

    All phishing starts the same way - with an email message demanding urgent attention. It can be a pending invoice, a returning parcel, a security alert, or a time-sensitive giveaway. This fear of missing out, or of making things worse, makes victims spring into action without considering what they're doing. As a result, they often share their login credentials with the attackers, install malware on their computers, or even share banking and other financial data.

    The best way to defend against phishing is to use common sense, and be
    careful when reading emails and opening attachments, even if they're coming from seemingly reputable sources such as Cloudflare.

    Via BleepingComputer



    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/cloudflares-developer-domains-increasingly-abused-by-threat-actors


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)