Cloudflare Tunnels are being used to breach networks
August 8, 2023 – Published on Tech Radar Pro
A hacking method that involves abusing a legitimate Cloudflare feature to steal people’s data and persist on compromised endpoints is gaining popularity, according to a report published by cybersecurity researchers from GuidePoint.
The feature being abused is called Cloudflare Tunnels, which allow users to create secure, outbound-only connections to the Cloudflare network for web servers and applications. The setup is simple, and the configuration is extensive, as users get plenty of access controls, gateway configurations, team management, and user analytics.
Cloudflare Tunnels are available on Linux, Windows, macOS and Docker, and users can start using them by simply installing one of the available cloudflared clients.
However, in January 2023, cybersecurity researchers from Phylum discovered some hackers creating malicious PyPI packages that used the tool to steal data or access endpoints, remotely and under the radar. All it takes is one command from the victim endpoint to create a discreet communication channel over which the attacker has full control.
Now, GuidePoint argues that there’s been a significant uptick in the use of this technique for data exfiltration and to establish persistence on target devices.
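As an added illustration of the defensive side (this is not code from the article or from GuidePoint's report), the following Python scan runs over constructed process-creation events and flags cloudflared tunnel start-ups on hosts where no tunnel is expected, including the client run under a different file name. The host allowlist, the event field names and the sample events are assumptions made for the example; `tunnel`, `run`, `--url` and `--token` are real cloudflared CLI tokens.

```python
import json
import os
from typing import Optional

# Hosts where a cloudflared tunnel is sanctioned (assumption: your own inventory).
EXPECTED_TUNNEL_HOSTS = {"web-01"}

# Real cloudflared tokens that start or run a tunnel; used to spot the
# client even when its binary has been renamed.
TUNNEL_FLAGS = {"--url", "--token", "run"}

# Constructed sample events in a generic EDR/Sysmon-style JSON export; not real telemetry.
SAMPLE_EVENTS = [
    r'{"host": "web-01", "user": "svc-deploy", "image": "/usr/local/bin/cloudflared", "cmdline": "cloudflared tunnel run --token <TOKEN-REDACTED>"}',
    r'{"host": "ws-finance-07", "user": "jdoe", "image": "C:\\Users\\jdoe\\AppData\\Local\\Temp\\cf.exe", "cmdline": "cf.exe tunnel --url http://localhost:8080"}',
    r'{"host": "ws-finance-07", "user": "jdoe", "image": "C:\\Windows\\System32\\notepad.exe", "cmdline": "notepad.exe report.txt"}',
    r'{"host": "dev-02", "user": "build", "image": "/tmp/cloudflared", "cmdline": "cloudflared tunnel run --token <TOKEN-REDACTED>"}',
]


def classify(event: dict) -> Optional[str]:
    """Return a finding label for one process-creation event, or None if benign."""
    tokens = event["cmdline"].split()
    image = os.path.basename(event["image"].replace("\\", "/")).lower()
    is_cloudflared_name = image in {"cloudflared", "cloudflared.exe"}
    tunnel_syntax = "tunnel" in tokens and bool(TUNNEL_FLAGS & set(tokens))
    if not (is_cloudflared_name or tunnel_syntax):
        return None
    if is_cloudflared_name and event["host"] in EXPECTED_TUNNEL_HOSTS:
        return None  # sanctioned host running the real client
    if tunnel_syntax and not is_cloudflared_name:
        return "renamed-client-tunnel"  # tunnel syntax from a non-standard binary name
    if "--url" in tokens:
        return "quick-tunnel"  # ad hoc tunnel that needs no account configuration
    return "unexpected-tunnel"  # real client on a host not expected to tunnel


def scan(lines):
    """Parse JSON event lines and return (host, user, label) for every finding."""
    findings = []
    for line in lines:
        ev = json.loads(line)
        label = classify(ev)
        if label:
            findings.append((ev["host"], ev["user"], label))
    return findings
```

Pair a rule like this with a file-hash or signer check on the binary, since a renamed client still carries Cloudflare's signature.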