dropbox - X-Industry - Red Sky Alliance
2024-03-28T09:32:33Z
https://redskyalliance.org/xindustry/feed/tag/dropbox

Cyber Criminals Abusing Cloudflare R2
https://redskyalliance.org/xindustry/cyber-criminals-abusing-cloudflare-r2-1
2023-08-30T16:00:00.000Z
Jim McKee
https://redskyalliance.org/members/JimMcKee
<div><p>Threat actors' use of Cloudflare R2 to host phishing pages has increased 61-fold over the past six months. Security researchers recently reported that the majority of the phishing campaigns target Microsoft login credentials, although some pages target Adobe, Dropbox, and other cloud apps. Cloudflare R2, analogous to Amazon Web Service S3, Google Cloud Storage, and Azure Blob Storage, is a data storage service for the cloud.<a href="#_ftn1">[1]</a></p>
<p>Cloudflare R2 is a zero-egress distributed object storage that allows developers to store large amounts of unstructured data without the costly egress bandwidth fees associated with typical cloud storage services. It is designed for the edge and offers the ability to store large amounts of data, expanding what’s possible with Cloudflare while slashing the egress bandwidth fees associated with cloud provider storage to zero. Cloudflare’s R2 Storage will allow developers to decrease their cloud provider egress and storage bills. R2 builds on Cloudflare’s commitment to the Bandwidth Alliance, providing zero-cost egress for stored objects no matter your request rate. Egress bandwidth is often the largest charge for developers utilizing object storage and is also the hardest to predict. </p>
<p>The development comes as the total number of cloud apps from which malware downloads originate has increased to 167, with Microsoft OneDrive, Squarespace, GitHub, SharePoint, and Weebly taking the top five spots. The phishing campaigns identified by Netskope not only abuse Cloudflare R2 to distribute static phishing pages but also leverage the company's Turnstile offering, a CAPTCHA replacement, to place such pages behind anti-bot barriers to evade detection. Doing so prevents online scanners like urlscan.io from reaching the actual phishing site, as the CAPTCHA test results in a failure.</p>
<p>As an additional layer of detection evasion, the malicious sites are designed to load their content only when certain conditions are met. The malicious website displays the actual phishing page only when the referring site includes a timestamp after a hash symbol in the URL. The referring site, in turn, requires the phishing site's URL to be passed to it as a parameter.</p>
<p>If no URL parameter is passed to the referring site, visitors are redirected to www.google[.]com. The development comes a month after cybersecurity investigators disclosed details of a phishing campaign that was found hosting its bogus login pages in AWS Amplify to steal users' banking and Microsoft 365 credentials, along with card payment details via Telegram's Bot API.</p>
<p><em>This article is presented at no charge for educational and informational purposes only.</em></p>
<p>Red Sky Alliance is a Cyber Threat Analysis and Intelligence Service organization. For questions, comments, or assistance, please get in touch with the office directly at 1-844-492-7225, or feedback@redskyalliance.com</p>
<p>Weekly Cyber Intelligence Briefings:</p>
<p>Reporting: <a href="https://www.redskyalliance.org/">https://www.redskyalliance.org/</a> <br /> Website: <a href="https://www.redskyalliance.com/">https://www.redskyalliance.com/</a><br /> LinkedIn: <a href="https://www.linkedin.com/company/64265941">https://www.linkedin.com/company/64265941</a></p>
<p>REDSHORTS - Weekly Cyber Intelligence Briefings</p>
<p><a href="https://attendee.gotowebinar.com/register/5993554863383553632">https://attendee.gotowebinar.com/register/5993554863383553632</a> </p>
<p><a href="#_ftnref1">[1]</a> <a href="https://thehackernews.com/2023/08/cybercriminals-abusing-cloudflare-r2.html">https://thehackernews.com/2023/08/cybercriminals-abusing-cloudflare-r2.html</a></p></div>

Snowflake & Red Sky Alliance
https://redskyalliance.org/xindustry/snowflake-red-sky-alliance
2022-06-15T20:01:05.000Z
Jim McKee
https://redskyalliance.org/members/JimMcKee
<div><p>Data cloud company Snowflake (NYSE: SNOW) is the latest enterprise technology firm looking to help fuel the massive data lakes that power enterprise security programs. Snowflake recently launched a new Cybersecurity workload that helps cybersecurity teams better protect their enterprises. Using its platform and an extensive ecosystem of partners delivering security capabilities with connected applications, cybersecurity teams can quickly gain visibility and automation at cloud scale.<a href="#_ftn1">[1]</a></p>
<p>“With Snowflake’s Data Cloud, cybersecurity teams can break down data silos to enable better visibility, deliver advanced analytics that remove manual processes, and give security teams a clearer picture of evolving risks and threats coming their way,” Omer Singer, Head of Cybersecurity Strategy at Snowflake, stated.</p>
<p>Red Sky Alliance’s data sets are available on Snowflake’s Data Lake:</p>
<p><strong> See: <a href="https://www.wapacklabs.com/snowflake">https://www.wapacklabs.com/snowflake</a></strong></p>
<p>Jim McKee, Red Sky Alliance CEO, said in a recent interview, “We were pleased when Snowflake contacted us two years ago to participate in their Data Lake as their first cyber security partner. Our data sets can be combined with other data sets and/or client’s net flow and analyses can be performed on our Cyber Threat Analysis Center (CTAC) which is also available on Snowflake.com.”</p>
<p>See: <a href="https://www.wapacklabs.com/news/2020/11/18/rsa-snowflake-team-up">https://www.wapacklabs.com/news/2020/11/18/rsa-snowflake-team-up</a></p>
<p>Red Sky Alliance’s data sets will be featured in a demonstration at the Snowflake Summit 2022, June 14-15, 2022.</p>
<p>See: <a href="https://www.snowflake.com/summit/livestream/?utm_cta=homepage-hero-summit-livestream">https://www.snowflake.com/summit/livestream/?utm_cta=homepage-hero-summit-livestream</a></p>
<p>With Snowflake’s Data Cloud, customers can unify logs and enterprise data and store virtually unlimited amounts of “hot” data cost-effectively for years.</p>
<p>“Customers are able to efficiently store years of high-volume data, search with scalable on-demand compute resources,” Snowflake says, “and gain insights using universal languages like SQL and Python, currently in private preview. With Snowflake, organizations can also unify their security data with enterprise data in a single source of truth, enabling contextual data from HR systems or IT asset inventories to inform detections and investigations for higher fidelity alerts, and running fast queries on massive amounts of data.”</p>
<p>Snowflake says security teams at companies like CSAA Insurance Group, DoorDash, Dropbox, Figma, and Netgear are already using its Cybersecurity workload.</p>
<p>“With access to all of the data sources in Snowflake as our security data lake, we have better correlations across multiple attack surfaces and analytics are automatically actionable. And as a result, it has led to a faster incident response from our side,” said Pallavi Damle, Vice President of Enterprise Cybersecurity at Netgear.</p>
<p>Beyond threat detection and response, Snowflake says the new workload supports use cases including security compliance, cloud security, identity and access, vulnerability management, and more. </p>
<p>Red Sky Alliance is a Cyber Threat Analysis and Intelligence Service organization. For questions, comments or assistance, please contact the office directly at 1-844-492-7225, or <a href="mailto:feedback@wapacklabs.com">feedback@wapacklabs.com</a></p>
<p>Weekly Cyber Intelligence Briefings:</p>
<ul>
<li>Reporting: <a href="https://www.redskyalliance.org/">https://www.redskyalliance.org/</a></li>
<li>Website: <a href="https://www.wapacklabs.com/">https://www.wapacklabs.com/</a></li>
<li>LinkedIn: <a href="https://www.linkedin.com/company/64265941">https://www.linkedin.com/company/64265941</a></li>
</ul>
<p>REDSHORTS - Weekly Cyber Intelligence Briefings</p>
<p><a href="https://attendee.gotowebinar.com/register/5504229295967742989">https://attendee.gotowebinar.com/register/5504229295967742989</a></p>
<p><a href="#_ftnref1">[1]</a> <a href="https://www.securityweek.com/snowflake-launches-cybersecurity-workload-find-threats-across-massive-data-sets">https://www.securityweek.com/snowflake-launches-cybersecurity-workload-find-threats-across-massive-data-sets</a></p></div>