Fortra has discovered a surge in phishing and other cyberattacks on Cloudflare’s trusted platforms. Cloudflare Pages’ ease of use and security features—usually assets for developers—are being exploited to create realistic phishing sites with custom domains and secure HTTPS connections, while Cloudflare Workers is misused for attacks that bypass traditional security controls. Although Cloudflare’s security mechanisms mitigate some abuse, cybercriminals continue to find new ways to exploit these trusted platforms.
Originally published in IT Nerd.
Excerpt: “While Cloudflare Pages and Workers are celebrated for their seamless user experience and robust security, cybercriminals are leveraging these very strengths to deceive unsuspecting victims. The nearly 200% spike in phishing activity on Cloudflare Pages this year signals an urgent need for increased vigilance—even on platforms we trust.”