NCCC detects data leakage from Cloudflare service threatening security of public, private resources
Specialists of the National Coordination Center for Cybersecurity at the National Security and Defense Council of Ukraine (NSDC) have detected in DarkNet a list of almost 3 million websites that use Cloudflare service to protect against DDoS and a number of other cyberattacks.
"Cloudflare provides network services to hide real IP addresses for mitigating DDoS attacks, Internet security services, and distributed domain name server services," the NSDC said on Facebook on Sunday evening.
The NSDC stressed that the published list contains real IP addresses of websites, which poses a threat of attacks aimed at them. "In particular, such addresses include 45 records with the domain 'gov.ua' and over 6,500 with the domain 'ua,' in particular, resources belonging to critical infrastructure objects," it said.
"The NCCC experts have already analyzed the information regarding Ukrainian websites: information on some resources is outdated. However, the other part remains relevant," the message reads.
The NSDC said that the NCCC had reported a threat to key cybersecurity actors. The owners of all resources whose IP addresses have been compromised due to a leak are being notified.
"Owners of compromised resources are encouraged, if possible, to promptly change the IP addresses of web resources and increase the monitoring of cyberattacks on these resources," the NSDC said.
The NSDC said that in early June 2020 the NCCC recorded a new type of DDoS attack on the territory of Ukraine, which is used to block the networks of communication providers.