The NCCC: Data leakage* from Cloudflare service, which threatens the security of public and private resources, has been detected

Specialists of the National Coordination Center for Cybersecurity at the National Security and Defense Council of Ukraine have detected in DarkNet a list of almost 3 million websites that use Cloudflare service to protect against DDoS and a number of other cyberattacks.

Cloudflare provides network services to hide real IP addresses for mitigating DDoS attacks, Internet security services, and distributed domain name server services.

The published list contains real IP addresses of sites, which poses a threat of attacks aimed at them. In particular, such addresses include 45 records with the domain “gov.ua” and over 6,5 thousand with the domain “ua”, in particular, resources belonging to critical infrastructure objects.

The NCCC experts have already analyzed the information regarding Ukrainian sites: information on some resources is outdated. However, the other part remains relevant.

So far, the NCCC has reported a threat to key cybersecurity actors. The owners of all resources whose IP addresses have been compromised due to a leak are being notified.

Owners of compromised resources are encouraged, if possible, to promptly change the IP addresses of web resources and increase the monitoring of cyberattacks on these resources.

It bears reminding that in early June 2020, the NCCC recorded a new type of DDoS attack on the territory of Ukraine, which is used to block the networks of communication providers.

* in this context, data leakage refers to the spread of sensitive data on the Internet, which is not related to hacking the system.