Cloudflare’s services are experiencing significant abuse by cybercriminals:
Key Points:
– The ‘pages.dev’ and ‘workers.dev’ domains have seen a 100-250% increase in malicious activity since 2023
– Cloudflare Pages abuse increased by 198% (460 to 1,370 incidents), with a projected 1,600 cases by year-end
– Cloudflare Workers abuse rose 104% (2,447 to 4,999 incidents), with an expected 6,000 cases by year-end
Primary Malicious Activities:
1. Phishing campaigns
– Hosting fake login pages (especially Microsoft Office365)
– Using “bccfoldering” to hide campaign scale
– Implementing fake verification steps
2. Technical Exploitation
– DDoS attacks
– Malicious script injection
– Password brute-forcing attempts
Attackers leverage Cloudflare’s:
– Trusted reputation
– Service reliability
– Cost-effectiveness
– Reverse proxying capabilities
Security Recommendations:
– Verify URL authenticity
– Enable two-factor authentication
– Exercise caution with suspicious links
– Validate website legitimacy before entering credentials
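
One way to automate the "verify URL authenticity" recommendation for links on the two shared domains named above, as an added example that is not part of the original page. The keyword list, verdict labels and function name are assumptions chosen for illustration, and the sample URLs are constructed.

```python
from urllib.parse import urlsplit

# Shared Cloudflare hosting suffixes named on this page.
SHARED_SUFFIXES = ("pages.dev", "workers.dev")
# Assumption: illustrative brand/login keywords; tune to the brands your users sign in to.
BRAND_HINTS = ("microsoft", "office", "o365", "outlook", "login", "signin")


def classify_url(url):
    """Return (verdict, reasons) for one URL taken from mail or proxy logs."""
    reasons = []
    parts = urlsplit(url.strip())
    # hostname is lowercased by urlsplit; drop a trailing root dot as well.
    host = (parts.hostname or "").rstrip(".")
    if not host:
        return "unparsed", ["no hostname"]
    # Text before '@' is userinfo, not the destination. It can make a
    # trusted name appear in front of the host the browser really visits.
    has_userinfo = "@" in parts.netloc
    if has_userinfo:
        reasons.append("userinfo present; real host is " + host)
    # Match on a label boundary so 'evilpages.dev' or
    # 'notpages.dev.example.org' are not mistaken for the shared domain.
    suffix = next((s for s in SHARED_SUFFIXES
                   if host == s or host.endswith("." + s)), None)
    if suffix is None:
        return ("review" if reasons else "not-shared-hosting"), reasons
    reasons.append("tenant content on shared domain " + suffix)
    tenant = host[: -len(suffix)].rstrip(".")
    hits = [k for k in BRAND_HINTS if k in tenant or k in parts.path.lower()]
    if hits:
        reasons.append("brand/login keywords: " + ", ".join(hits))
    return ("likely-phish" if hits or has_userinfo else "review"), reasons


# Constructed sample URLs (not real indicators).
SAMPLES = [
    "https://office365-signin-example.pages.dev/verify",
    "https://login.microsoftonline.com@portal-example.workers.dev/",
    "https://docs-example.pages.dev/guide",
    "https://notpages.dev.example.org/login",
    "https://login.microsoftonline.com/common/oauth2",
]

if __name__ == "__main__":
    for u in SAMPLES:
        print(u, "->", classify_url(u))
```

A "review" verdict only means the content is tenant-controlled on a shared domain, so the parent domain's reputation says nothing about the page itself.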