GuidePoint Security tells us that hackers are hijacking legitimate security tools commonly used by network administrators and developers for malicious purposes.
In the world of cybersecurity, the tools used to protect Internet users can just as well turn against them. This is revealed by the experts at GuidePoint Security, in an article that highlights an increasingly common practice among hackers:use of tunneling software to conceal activity to their servers. A technique that makes them difficult to detect with traditional protection software.
Some hackers would use services offered by Cloudflare, a company whose smallest network outage affects thousands of websites. It also offers tools such as Cloudflare Tunnel, which allows creators of applications or web services to protect their servers against data breaches or DDoS attacks. Unfortunately, what’s good for these IT pros is good for cybercriminals too.
Hackers hijack cybersecurity software to hide their illicit activities
Hackers now protect their illicit activities by establishing encrypted tunnels from compromised devices to their command centers. The stealth HTTPS connections thus created hide the traffic coming from the victims. In addition, hackers then have the ability to deactivate and reactivate this tunnel at will or to “modify its configuration on the fly”. In effect, the victim’s system sends sensitive or personal data to the hackers’ servers, and no software can analyze this activity.
To apply this technique, the hacker must validate three steps : set up a tunnel on Cloudflare, access the victim’s machine to run the Cloudflared application, and finally connect to the Cloudflared tunnel as a client to access the victim’s machine. Understandably, this technique is particularly aimed at companies and public entities, which is why, according to GuidePoint Security, it is up to IT technicians to establish policies “to prevent this tool from running without an approval process manual “.