Carding
Professional
- Messages
- 2,870
- Reaction score
- 2,511
- Points
- 113
Netskope found that scammers are using the service more and more often.
Over the past 6 months, attackers have become ten times more likely to use Cloudflare R2 for phishing campaigns. At the same time, the total number of cloud services from which users can download malware has increased to 167. The top five are Microsoft OneDrive, Squarespace, GitHub, SharePoint, and Weebly.
"Most phishing campaigns target Microsoft's login details, although there are also sites that target Adobe, Dropbox, and other cloud applications," said Ian Michael, a security researcher at Netskope.
Cloudflare R2, similar to Amazon Web Service S3, Google Cloud Storage, and Azure Blob Storage, is a popular cloud storage service. Netskope has discovered that hackers are exploiting Cloudflare R2 not only to distribute fake pages, but also to bypass security systems. The Turnstile service, which replaces the CAPTCHA test, helps you do this.
Thus, the algorithm does not give online crawlers like urlscan.io get to the real scam site, because the CAPTCHA ends up failing.
For greater reliability, malicious content is loaded only under certain conditions.
"A malicious website needs a timestamp after the grid symbol to display a real phishing page," Michael explained.
About a month ago, Netskope identified another campaign that used fake authorization pages hosted in the AWS Amplify service. The goal of this campaign was to steal bank data, Microsoft 365 accounts, and user payment card data using a Telegram bot.
Over the past 6 months, attackers have become ten times more likely to use Cloudflare R2 for phishing campaigns. At the same time, the total number of cloud services from which users can download malware has increased to 167. The top five are Microsoft OneDrive, Squarespace, GitHub, SharePoint, and Weebly.
"Most phishing campaigns target Microsoft's login details, although there are also sites that target Adobe, Dropbox, and other cloud applications," said Ian Michael, a security researcher at Netskope.
Cloudflare R2, similar to Amazon Web Service S3, Google Cloud Storage, and Azure Blob Storage, is a popular cloud storage service. Netskope has discovered that hackers are exploiting Cloudflare R2 not only to distribute fake pages, but also to bypass security systems. The Turnstile service, which replaces the CAPTCHA test, helps you do this.
Thus, the algorithm does not give online crawlers like urlscan.io get to the real scam site, because the CAPTCHA ends up failing.
For greater reliability, malicious content is loaded only under certain conditions.
"A malicious website needs a timestamp after the grid symbol to display a real phishing page," Michael explained.
About a month ago, Netskope identified another campaign that used fake authorization pages hosted in the AWS Amplify service. The goal of this campaign was to steal bank data, Microsoft 365 accounts, and user payment card data using a Telegram bot.
