Security News > 2023 > August > Hackers increasingly abuse Cloudflare Tunnels for stealthy connections
Hackers are increasingly abusing the legitimate Cloudflare Tunnels feature to create stealthy HTTPS connections from compromised devices, bypass firewalls, and maintain long-term persistence.
The technique isn't entirely new, as Phylum reported in January 2023 that threat actors created malicious PyPI packages that used Cloudflare Tunnels to stealthy steal data or remotely access devices.
CloudFlare Tunnels is a popular feature provided by Cloudflare, allowing users to create secure, outbound-only connections to the Cloudflare network for web servers or applications.
Cloudflare Tunnels provide a range of access controls, gateway configurations, team management, and user analytics, giving users a high degree of control over the tunnel and the exposed compromised services.
In GuidePoint's report, the researchers say that more threat actors abuse Cloudflare Tunnels for nefarious purposes, such as gaining stealthy persistent access to the victim's network, evading detection, and exfiltrating compromised devices' data.
If the attacker wants to be even more stealthy, they can abuse Cloudflare's 'TryCloudflare' feature that lets users create one-time tunnels without creating an account.