Attackers leverage Cloudflare tunnels to obscure malware distribution
- by nlqip
Cybercriminals regularly abuse free services to host malware or to set up command-and-control (C2) infrastructure because they know connections to such services won’t raise suspicion inside networks. Such is the case with TryCloudflare.com, which was recently abused in a widespread campaign to deliver remote access trojans (RATs).
TryCloudflare is a tunneling feature that enables users to proxy traffic through Cloudflare’s content delivery network. The recent campaigns, independently observed this year and reported this week by researchers from security firms Proofpoint and eSentire, involved phishing emails that resulted in the download of multiple malware families, including XWorm, VenomRAT, PureLogs Stealer, AsyncRAT, GuLoader and Remcos.
“Campaign message volumes range from hundreds to tens of thousands of messages impacting dozens to thousands of organizations globally,” researchers from Proofpoint wrote in their report. “In addition to English, researchers observed French, Spanish, and German language lures. […] Lure themes vary, but typically include business-relevant topics like invoices, document requests, package deliveries and taxes.”