Cloudflare developer domains are actively abused by the threat actors for several illicit malicious purposes, as reported by the security analysts at FORTRA.

Recent investigations have uncovered a significant surge in attacks targeting Cloudflare Pages and Cloudflare Workers, two popular platforms used by developers for web deployment and serverless computing.

The abuse of Cloudflare’s services has seen a dramatic increase, with phishing attacks on Cloudflare Pages rising by 198% from 2023 to mid-October 2024.

Similarly, FORTRA analysts noted that Cloudflare Workers experienced a 104% surge in phishing incidents during the same period.

These statistics highlight the growing sophistication of cybercriminals in exploiting trusted platforms.

Tactics and Techniques

Attackers are leveraging Cloudflare’s infrastructure to create convincing phishing sites and execute various malicious activities:-

• Phishing Redirects: Cybercriminals use Cloudflare Pages to host deceptive links that redirect victims to credential theft pages.
• Human Verification Pages: Attackers deploy fake verification pages using Cloudflare Workers to add a layer of legitimacy to their phishing attempts.
• Email Concealment: The use of BCC foldering in phishing campaigns helps mask the scale of attacks.

Several factors make Cloudflare’s platforms attractive to malicious actors:-

1. Trusted Reputation: Cloudflare’s strong brand recognition lends credibility to hosted content.
2. Global CDN: Ensures rapid loading of phishing sites across regions.
3. Free and Easy Hosting: Enables quick deployment with minimal resources.
4. Automatic SSL/TLS: Adds a layer of perceived security to malicious sites.
5. Custom Domains: Allow for more convincing URL masking.

While Cloudflare implements various security measures, users and developers must remain vigilant:-

• Exercise caution with unfamiliar websites requesting sensitive information.
• Verify URL legitimacy before entering credentials.
• Enable two-factor authentication (2FA) for added security.
• Developers should regularly update dependencies and monitor for suspicious activity.
• Report phishing attempts to Cloudflare for investigation and takedown.

As the cyber threat landscape evolves, it’s crucial for both users and service providers to stay informed and proactive in combating these sophisticated attacks targeting trusted platforms.