• Menu
  • Skip to main content
  • Skip to primary sidebar

The Cyber Security News

Latest Cyber Security News

Header Right

  • Latest News
  • Vulnerabilities
  • Cloud Services
cybercriminals abusing cloudflare r2 for hosting phishing pages, experts warn

Cybercriminals Abusing Cloudflare R2 for Hosting Phishing Pages, Experts Warn

You are here: Home / General Cyber Security News / Cybercriminals Abusing Cloudflare R2 for Hosting Phishing Pages, Experts Warn
August 15, 2023

Risk actors’ use of Cloudflare R2 to host phishing internet pages has witnessed a 61-fold increase about the previous six months.

“The greater part of the phishing strategies focus on Microsoft login credentials, although there are some web pages concentrating on Adobe, Dropbox, and other cloud apps,” Netskope security researcher Jan Michael explained.

Cloudflare R2, analogous to Amazon Web Service S3, Google Cloud Storage, and Azure Blob Storage, is a data storage company for the cloud.

✔ Approved Seller From Our Partners
Mullvad VPN Discount

Protect your privacy by Mullvad VPN. Mullvad VPN is one of the famous brands in the security and privacy world. With Mullvad VPN you will not even be asked for your email address. No log policy, no data from you will be saved. Get your license key now from the official distributor of Mullvad with discount: SerialCart® (Limited Offer).

➤ Get Mullvad VPN with 12% Discount


The advancement will come as the full selection of cloud applications from which malware downloads originate has increased to 167, with Microsoft OneDrive, Squarespace, GitHub, SharePoint, and Weebly taking the top five spots.

Cybersecurity

The phishing campaigns discovered by Netskope not only abuse Cloudflare R2 to distribute static phishing internet pages, but also leverage the company’s Turnstile providing, a CAPTCHA replacement, to area these types of pages at the rear of anti-bot barriers to evade detection.

In performing so, it helps prevent online scanners like urlscan.io from achieving the actual phishing internet site, as the CAPTCHA exam results in a failure.

As an more layer of detection evasion, the malicious web sites are created to load the written content only when sure situations are met.

“The malicious internet site necessitates a referring site to incorporate a timestamp following a hash image in the URL to display the real phishing website page,” Michael reported. “On the other hand, the referring internet site calls for a phishing internet site passed on to it as a parameter.”

In the party no URL parameter is passed to the referring site, guests are redirected to www.google[.]com.

The improvement arrives a thirty day period soon after the cybersecurity firm disclosed information of a phishing marketing campaign that was uncovered hosting its bogus login internet pages in AWS Amplify to steal users’ banking and Microsoft 365 credentials, together with card payment specifics by means of Telegram’s Bot API.

Discovered this posting interesting? Observe us on Twitter  and LinkedIn to browse more exceptional written content we publish.


Some pieces of this posting are sourced from:
thehackernews.com

Previous Post: «multiple flaws found in scrutisweb software exposes atms to remote Multiple Flaws Found in ScrutisWeb Software Exposes ATMs to Remote Hacking
Next Post: Nearly 2,000 Citrix NetScaler Instances Hacked via Critical Vulnerability nearly 2,000 citrix netscaler instances hacked via critical vulnerability»

Reader Interactions

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Primary Sidebar

Report This Article

Recent Posts

  • BREAKING: 7,000-Device Proxy Botnet Using IoT, EoL Systems Dismantled in U.S. – Dutch Operation
  • OtterCookie v4 Adds VM Detection and Chrome, MetaMask Credential Theft Capabilities
  • Initial Access Brokers Target Brazil Execs via NF-e Spam and Legit RMM Trials
  • Deploying AI Agents? Learn to Secure Them Before Hackers Strike Your Business
  • Malicious npm Packages Infect 3,200+ Cursor Users With Backdoor, Steal Credentials
  • Beyond Vulnerability Management – Can You CVE What I CVE?
  • Google Rolls Out On-Device AI Protections to Detect Scams in Chrome and Android
  • Chinese Hackers Exploit SAP RCE Flaw CVE-2025-31324, Deploy Golang-Based SuperShell
  • 38,000+ FreeDrain Subdomains Found Exploiting SEO to Steal Crypto Wallet Seed Phrases
  • SonicWall Patches 3 Flaws in SMA 100 Devices Allowing Attackers to Run Code as Root

Copyright © TheCyberSecurity.News, All Rights Reserved.