Security News > 2023 > August > Cybercriminals Abusing Cloudflare R2 for Hosting Phishing Pages, Experts Warn

Threat actors' use of Cloudflare R2 to host phishing pages has witnessed a 61-fold increase over the past six months.

"The majority of the phishing campaigns target Microsoft login credentials, although there are some pages targeting Adobe, Dropbox, and other cloud apps," Netskope security researcher Jan Michael said.

The phishing campaigns identified by Netskope not only abuse Cloudflare R2 to distribute static phishing pages, but also leverage the company's Turnstile offering, a CAPTCHA replacement, to place such pages behind anti-bot barriers to evade detection.

It prevents online scanners like urlscan.io from reaching the actual phishing site, as the CAPTCHA test results in a failure.

"The malicious website requires a referring site to include a timestamp after a hash symbol in the URL to display the actual phishing page," Michael said.

"On the other hand, the referring site requires a phishing site passed on to it as a parameter."

News URL

https://thehackernews.com/2023/08/cybercriminals-abusing-cloudflare-r2.html