Latest news with #BlakeDarché


Techday NZ
22-05-2025
Cloudflare, Microsoft & police disrupt global malware service
Cloudflare, in partnership with Microsoft and international law enforcement, has helped dismantle the infrastructure supporting LummaC2, an information-stealing malware service regarded as a significant threat to users and organisations worldwide. This collaborative effort targeted key elements of the Lumma Stealer operation, resulting in the seizure, takedown and blocking of malicious domains, as well as disruption to the digital marketplaces used by criminals to distribute and monetise stolen data. Cloudflare also banned a number of accounts used in the deployment and configuration of these domains, aiming to weaken the underlying ecosystem relied on by cybercriminals.

Lumma Stealer, also known as LummaC2, operates as a subscription-based service that gives threat actors access to a central administrative panel through which they can obtain customised malware builds and retrieve data stolen from victims. Stolen information includes credentials, cryptocurrency wallets, cookies and various forms of sensitive data, which can subsequently facilitate identity theft, financial fraud and intrusions into both consumer and enterprise environments.

Blake Darché, Head of Cloudforce One at Cloudflare, said: "Lumma goes into your web browser and harvests every single piece of information on your computer that could be used to access either dollars or accounts – with the victim profile being everyone, anywhere at any time. The threat actors behind the malware target hundreds of victims daily, grabbing anything they can get their hands on. This disruption worked to fully set back their operations by days, taking down a significant number of domain names, and ultimately blocking their ability to make money by committing cybercrime. While this effort threw a sizable wrench into the largest global infostealer infrastructure, like any threat actor, those behind Lumma will shift tactics and reemerge to bring their campaign back online."

First observed on Russian-language crime forums in early 2023, Lumma Stealer's operations have increasingly shifted to Telegram, where cybercriminals buy access and share data using cryptocurrency. Bundles of stolen credentials, known as "logs", are indexed and made available through Lumma's own marketplace or resold via other criminal networks.

The spread of Lumma Stealer is primarily achieved through social engineering campaigns. These include deceptive pop-ups — part of a method called ClickFix — which trick users into executing malicious scripts, as well as bundling payloads in cracked versions of legitimate software and distributing them via pay-per-install networks. The malware's developers invest in bypassing detection by antivirus solutions, increasing the risk to affected users and organisations.

Cloudflare's disruption operations involved placing a Turnstile-enabled interstitial warning page on domains associated with Lumma's command and control servers as well as its marketplace. In addition to impeding access, Cloudflare collaborated with leading industry partners, including Microsoft, multiple registry authorities, the FBI, the U.S. Department of Justice, Europol's European Cybercrime Centre, and Japan's Cybercrime Control Center. This was intended to ensure that the criminals could not simply migrate their infrastructure or regain control via alternative registrars. The tactics used by Lumma's operators relied on abusing infrastructure belonging to providers like Cloudflare, often to obscure the origin IP addresses of servers used to store stolen data. Cloudflare's Trust and Safety team repeatedly suspended malicious accounts and flagged illicit domains, escalating countermeasures after the malware was observed bypassing its initial warning pages.

Mitigation advice for users and organisations includes restricting the execution of unknown scripts, limiting the saving of passwords in browsers, and employing reputable endpoint protection tools capable of detecting credential theft. Regular software updates, DNS filtering and user education around the risks of malvertising and fake software installers are also highlighted as part of a comprehensive defence strategy.

By disrupting Lumma Stealer's infrastructure and limiting access to its command and control services, the operation has imposed significant operational and financial constraints on both the core operators and the wider criminal clientele. The disruption aims to undermine the infostealer-as-a-service model that has contributed to increased instances of cyber-enabled fraud, enterprise security breaches, and ransomware incidents.


TECHx
19-03-2025
Cloudflare Unveils Cloudforce One to Tackle Cyber Threats
Cloudflare, Inc. (NYSE: NET), a connectivity cloud company, has unveiled the Cloudforce One threat events platform to provide real-time intelligence on cyberattacks across the Internet. Leveraging data from Cloudflare's expansive global network, this new platform aims to help security teams detect issues faster, respond more effectively, and stay ahead of evolving cybercriminal tactics.

As cybercriminals continue to adapt, exploiting new vulnerabilities and targeting systems in novel ways, the cost of cybercrime is expected to reach $10.5 trillion by 2025. Organizations must stay informed to defend against this growing threat landscape. Traditional threat intelligence feeds often fall short, lacking meaningful context and actionable insights. Cloudforce One addresses this by providing more precise, real-time information that empowers security teams to better protect their systems.

Matthew Prince, co-founder and CEO of Cloudflare, emphasized, 'Not all threat feeds are reliable or timely. The industry is plagued by stale or fragmented insights, which significantly increase the risk of cyberattacks.' He added, 'Cloudflare's unique global network visibility positions us to provide the most complete and accurate threat intelligence, making our platform one of the most comprehensive options available.'

The Cloudforce One threat events platform is built on Cloudflare Workers AI, offering scalable, resilient performance during data surges from unpredictable Internet attacks. Starting today, the platform delivers several key benefits for organizations:
- Comprehensive Attack Stream View: Users gain a real-time timelapse view of ongoing attacks, providing relevant threat insights and enabling detailed analysis.
- Targeted Action Against Threat Actors: Security teams receive personalized data tailored to their environment, industry, or region, along with actionable indicators of compromise (IoCs) and event summaries, including profiles of threat actor groups.
- Improved Security Efficiency: By offering valuable context around gathered data, the platform helps security teams prioritize critical threats, maximizing the impact of limited resources and enhancing the overall security posture of businesses.

Blake Darché, Head of Cloudforce One at Cloudflare, noted, 'Organizations need actionable threat intelligence to understand the scale of threats they face and how hackers are evolving. Cloudforce One focuses on the most pressing threats to a customer's specific environment, eliminating irrelevant data and minimizing false positives.'

Cloudflare's Cloudforce One platform provides an advanced solution for staying ahead of cybercriminals, offering tailored, timely, and actionable threat intelligence for modern organizations.