TapTechNews August 4th news, the security company Proofpoint released a report indicating that recently a large number of hackers are abusing Cloudflare's free trial service. These hackers mainly freeload the Tunnel service provided by Cloudflare to transmit various malicious contents, with a certain degree of anti-reconnaissance.
According to the introduction, tunnel technology is similar to SSH, allowing users to remotely access local network data resources, and the TryCloudflare free trial service provided by Cloudflare gives hackers an opportunity. These hackers mainly register accounts in batches to try the one-time tunnel service, since the subnet domain name generated by Cloudflare each time is different, which means that hackers can fire a shot and change a place, further covering up the location of their real server.
TapTechNews learned that the security company claims that they have been tracking the behavior of hackers abusing the TryCloudflare tunnel since 2023, and now these behaviors are becoming more and more common, hackers usually use Cloudflare's tunnel as a springboard to send a large number of malicious Trojans, and at the same time spread various phishing emails for attacks.
Researchers also mentioned that some hackers also use Python scripts, integrating other technologies such as WebDAV and SMB to attack through network vulnerabilities, which means that the relevant hackers have the ability to install malicious Trojans directly on the victim's devices, and the tunnel service provided by Cloudflare has instead become the umbrella of the hackers.