A large data leak from the Cloudflare service threatens the security of public and private Internet resources since many of them use it to hide their real IP addresses to protect themselves against hacker attacks. These resources include critical infrastructures, according to the National Security and Defence Council.
Specialists from the National Coordination Center for Cyber Security at the National Security and Defence Council of Ukraine found in DarkNet a list of almost 3 million sites that use the Cloudflare service for protection against DDoS and many other cyberattacks.
Cloudflare provides network services for hiding real IP addresses to mitigate DDoS attacks, Internet security services, and distributed domain name server services.
The published list contains the real sites’ IP addresses, which poses a threat of attacks aimed at them. In particular, such addresses include 45 records with the domain “gov.ua” and more than 6,500 with the domain “ua,” including the resources that belong to critical infrastructures.
The center’s experts have already analysed the information on Ukrainian sites: it is outdated on some resources. However, others remain relevant. So far, the National Coordination Center for Cyber Security has reported a threat to key cybersecurity actors. The owners of all resources whose IP addresses have been compromised due to a data loss are getting informed now.
The owners of compromised resources are encouraged, if possible, to promptly change the IP addresses of web resources and increase monitoring of cyberattacks on them.
To recap, in early June 2020, the National Coordination Center for Cyber Security registered a new type of DDOS attack on the territory of Ukraine, which is used to block the communication providers’ networks.
Natalia Tolub