The Alarming Increase of Cybercriminals’ Abuse of Cloudflare Platforms

Cloudflare domains, such as pages.dev and workers.dev, designed to facilitate web development and serverless computing, are increasingly being exploited by malicious actors to carry out phishing attacks and other criminal activities, according to a recent report from cybersecurity firm Fortra.

A Concerning Rise in Abuse of Trusted Platforms

Fortra has reported that abuse of these services has grown by 100% to 250% compared to 2023. This increase is linked to cybercriminals’ ability to leverage Cloudflare’s reputable infrastructure, enabling them to launch more effective and harder-to-detect malicious campaigns.

Cybercriminals are using these platforms to host phishing landing pages designed to redirect users to fake sites, such as Microsoft Office365 login pages, with the goal of stealing credentials and sensitive data. According to the report, these attacks have risen by 198% in the case of Cloudflare Pages, increasing from 460 incidents in 2023 to 1,370 in October 2024. These attacks are expected to exceed 1,600 incidents by the end of the year, representing a projected annual growth of 257%.

Cloudflare Workers: The Other Front of Attack

The Cloudflare Workers platform, used to run applications and scripts directly at the edge of its CDN, has also been significantly abused. In 2024, phishing attacks related to this platform have seen an increase of 104%, growing from 2,447 incidents in 2023 to 4,999 to date. These attacks are projected to exceed 6,000 incidents before the year ends.

Among the malicious uses of Cloudflare Workers is the creation of fake human verification pages designed to mimic legitimate security practices like CAPTCHAs. These pages create a false sense of trust in victims, who are more likely to enter sensitive information without suspicion.

Advanced Evasion and Distribution Techniques

A tactic commonly employed by attackers is “bccfoldering”, which obscures the scale of phishing campaigns by including recipients in the email envelope without displaying them in the headers. This makes it difficult to detect the magnitude of the attack and reduces the chances of being identified by security systems.
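For mail defenders, the two signals described above can be checked together. The following is an added example, not code from Fortra or Cloudflare: it flags a delivered message whose envelope recipient is absent from the To and Cc headers and whose body links to a host under pages.dev or workers.dev. The function names, the sample message and the assumption that the receiving MTA supplies the envelope recipient are all hypothetical.

```python
import re
from email import message_from_string
from email.utils import getaddresses
from urllib.parse import urlparse

# Shared Cloudflare development domains named in the article.
WATCHED_SUFFIXES = (".pages.dev", ".workers.dev")
URL_RE = re.compile(r"https?://[^\s\"'<>)]+", re.IGNORECASE)
# Constructed sample message; addresses and hostname are placeholders.
SAMPLE = (
    "From: IT Support <support@sender.example>\n"
    "To: Staff <staff@sender.example>\n"
    "Subject: Action required\n\n"
    "Verify here: https://example-login.pages.dev/verify\n"
)


def visible_recipients(msg):
    """Lower-cased addresses shown in the To and Cc headers."""
    fields = msg.get_all("To", []) + msg.get_all("Cc", [])
    return {addr.lower() for _, addr in getaddresses(fields) if addr}


def watched_links(msg):
    """URLs in text parts whose host sits under a watched suffix."""
    hits = []
    for part in msg.walk():
        if part.get_content_maintype() != "text":
            continue
        payload = part.get_payload(decode=True) or b""
        text = payload.decode(part.get_content_charset() or "utf-8", "replace")
        for url in URL_RE.findall(text):
            try:
                host = (urlparse(url).hostname or "").lower()
            except ValueError:  # malformed URL, nothing to match
                continue
            if host.endswith(WATCHED_SUFFIXES):
                hits.append(url)
    return hits


# Assumption: envelope_rcpt is the SMTP RCPT TO address from the MTA's log.
def triage(raw_message, envelope_rcpt):
    """Report both signals; flag only when they occur together."""
    msg = message_from_string(raw_message)
    hidden = envelope_rcpt.lower() not in visible_recipients(msg)
    links = watched_links(msg)
    return {"hidden_recipient": hidden, "watched_links": links,
            "flag": hidden and bool(links)}
```

Legitimate mailing lists also deliver to recipients that are not shown in the headers, so the flag is a triage signal for review rather than a verdict.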

Additionally, attackers benefit from Cloudflare features, such as reverse proxy and automatic SSL/TLS encryption, which add legitimacy to malicious sites by ensuring secure HTTPS connections. These functionalities, designed to protect users, end up being exploited to cover up illicit activities.

Protective Measures and Recommendations

Cloudflare has implemented threat detection systems and reporting mechanisms to combat abuse, but the rapid deployment of malicious content before detection remains a challenge. Experts recommend that users:

  • Always verify the authenticity of URLs before entering personal or confidential information.
  • Enable two-factor authentication (2FA) on all sensitive accounts.
  • Be vigilant regarding emails containing suspicious links or attachments.

Developers using these platforms should also implement robust security measures, such as regular dependency updates, secure HTTPS connections, and monitoring for unusual activity.

A Warning for the Tech Ecosystem

The Fortra report makes clear that the problem lies not in Cloudflare’s technologies but in how cybercriminals exploit them. The exponential growth in the abuse of these platforms highlights the need for collaboration between tech companies and authorities to effectively combat these threats while maintaining trust in services designed to empower developers and users alike.

via: Fortra