Cado Security has discovered threat actors abusing Cloudflare's WARP service to launch scanning and reconnaisance attacks.
Cado says the attacks are leveraging a common misconfiguration where system administrators are allowlisting all of Cloudflare's IP ranges instead of just those specific to a given service.
The company says it has observed crypto-mining and SSH brute-force groups use this technique to bypass Cloudflare security defenses.
https://www.cadosecurity.com/news-and-events/warpscan-cloudflare-warp-abused-to-hijack-cloud-services
Catalin Cimpanu /
npub1tq…3aefw
2024-07-18 14:33:57
Author Public Key
npub1tqfukrqgh928vktkl6vx063ck2c4yn3ek8m44v3txfhztqe65anq63aefwPublished at
2024-07-18 14:33:57Event JSON
{
"id": "8c506f0de6d120af39159004039802de7111c8e9d60f4d84ce324335c54d30c6",
"pubkey": "5813cb0c08b954765976fe9867ea38b2b1524e39b1f75ab22b326e25833aa766",
"created_at": 1721313237,
"kind": 1,
"tags": [
[
"proxy",
"https://mastodon.social/users/campuscodi/statuses/112807984299398814",
"activitypub"
]
],
"content": "Cado Security has discovered threat actors abusing Cloudflare's WARP service to launch scanning and reconnaisance attacks.\n\nCado says the attacks are leveraging a common misconfiguration where system administrators are allowlisting all of Cloudflare's IP ranges instead of just those specific to a given service.\n\nThe company says it has observed crypto-mining and SSH brute-force groups use this technique to bypass Cloudflare security defenses.\n\nhttps://www.cadosecurity.com/news-and-events/warpscan-cloudflare-warp-abused-to-hijack-cloud-services",
"sig": "dd7ec7981965d75621d561ee1e11a9d176dcb7f86b34178aba344c566f84b58fe8d695ba53b1902ff2a68b62cf1898c8cdfc9372a839575cd79c06ee25d6e57e"
}