
Phony CloudFlare DDoS page redirects victims to Nuclear EK

Threat actors are using a fake CloudFlare DDoS (distributed denial-of-service) check page as a Nuclear exploit kit (EK) gate to load a malicious redirection that ultimately triggers the EK, Malwarebytes Security Researcher Jerome Segura said in a blog post.

“Upon further check, the server's IP address is clearly visible and does not belong to CloudFlare at all,” he wrote.

Because CloudFlare is a cloud security firm that offers DDoS and other website protection services, attackers may hope victims will be more likely to fall for the ruse.

But NSFOCUS IB's Principal Sales Engineer and Technical Expert Stephen Gates said in Thursday email correspondence that the phony page could backfire for the threat actors.

“In this case, the tactic seen here is being used to give users some sort of comfort level; however, the general public, in most cases, knows nothing about CloudFlare,” Gates said. “This tactic may actually reduce the attacker's success ratio. Many users may close their browsers before being redirected to the actual malicious website,” he said.

Gates recommended that users protect themselves by keeping their systems updated and patched at all times. 
