In summary: “The abuse of Cloudflare Tunnel infrastructure further complicates network visibility by giving the actor a disposable and encrypted transport layer for staging malicious files without maintaining traditional infrastructure,” concluded Securonix’s Peck.
What to do
Securonix’s recommendations start with the most basic advice to block attachments and treat any external link as suspicious. That’s easier said than done, of course, although the rise of collaboration systems such as Teams gives employees an alternative way of sharing files that doesn’t involve sending and receiving emails.
Beyond that, it’s a case of turning on more detailed endpoint logging, monitoring software tools when they’re executed from unusual locations and enabling Windows file extension visibility, said Securonix.
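The three endpoint-side measures above can be applied on a single Windows host with the script below. This is an added example, not code from the article or from Securonix; it assumes an elevated PowerShell session, uses the standard Windows registry values and auditpol subcategory for file-extension visibility and process-creation auditing (event ID 4688 with command line), and the list of "unusual" launch directories is an illustrative assumption that should be tuned to the environment.

```powershell
# Added example (not from the article or from Securonix). Run elevated.
# Registry paths and the auditpol subcategory are standard Windows values;
# the $unusualDirs watch-list is an assumption chosen for illustration.

# 1. Enable file extension visibility in Explorer, so a double-extension
#    lure such as "invoice.pdf.lnk" is no longer displayed as "invoice.pdf".
Set-ItemProperty -Path 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced' `
    -Name 'HideFileExt' -Value 0 -Type DWord

# 2. More detailed endpoint logging: audit process creation (Security event
#    ID 4688) and include the full command line in each event.
auditpol /set /subcategory:"Process Creation" /success:enable /failure:enable
$auditKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\Audit'
if (-not (Test-Path $auditKey)) { New-Item -Path $auditKey -Force | Out-Null }
Set-ItemProperty -Path $auditKey -Name 'ProcessCreationIncludeCmdLine_Enabled' -Value 1 -Type DWord

# 3. Monitor tools executed from unusual locations: review the last 24 hours
#    of 4688 events for executables started from user-writable directories.
$unusualDirs = @(
    '\Users\*\Downloads\*',
    '\Users\*\AppData\Local\Temp\*',
    '\Windows\Temp\*',
    '\ProgramData\*'
)

Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4688; StartTime = (Get-Date).AddHours(-24) } |
  ForEach-Object {
    # Pull the named EventData fields out of the event XML.
    $xml  = [xml]$_.ToXml()
    $data = @{}
    foreach ($d in $xml.Event.EventData.Data) { $data[$d.Name] = $d.'#text' }
    [pscustomobject]@{
      Time        = $_.TimeCreated
      Process     = $data['NewProcessName']
      CommandLine = $data['CommandLine']
      Parent      = $data['ParentProcessName']
    }
  } |
  Where-Object {
    $p = $_.Process
    $unusualDirs | Where-Object { $p -like "*$_" }
  } |
  Sort-Object Time -Descending |
  Format-Table -AutoSize
```

Step 3 only reports; in practice the same filter would be expressed as a SIEM or EDR rule so that launches from Downloads, Temp and similar paths alert continuously rather than being reviewed by hand, and the directory list should be extended with whatever staging paths the organisation actually sees.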