Cloudflare Introduces Threat Intel Team

Cloudflare has announced that its threat intelligence team, Cloudforce One, will make its research public for the first time as part of a commitment to democratize access to critical threat insights. By combining the expertise of the Cloudforce One team with the power of the company’s global network, one of the largest in the world, Cloudflare gives security teams access to timely information on the malicious tactics and trends that underpin the 158 billion threats Cloudflare’s network blocks daily.

Threat actors are mission driven. Motivated by efficiency and profit, they continuously shift tactics to uncover novel ways to pull off sophisticated and successful exploits. The result is a constantly evolving, complex, and overwhelming threat landscape, reflected in the projection that cybercrime will hit an annual $10.5 trillion in 2025. As security teams work to juggle and combat the risks that have led to a 72% increase in data breaches over the past few years, access to threat intelligence has never been more critical. It provides clarity around the causes of these breaches and the proactive measures that prevent them, so security leaders can make more informed decisions that move the needle towards resilience.

“We believe in helping build a more secure, reliable Internet. But that can’t exist unless we disrupt and drain the resources of the hackers who abuse its power for personal or political gain,” said Matthew Prince, CEO and cofounder at Cloudflare. “Today, Cloudflare is giving defenders a leg up in the race, by committing to continuously share nuanced threat intelligence that no other company has access to, with the industry at large.”

Cloudflare’s Threat Intelligence Portal provides a centralized view across the entire threat landscape. Through Cloudforce One, Cloudflare now offers its own experts to help identify and respond to emerging threats, while also providing real-time reconnaissance. Today, the Cloudforce One team published deep insight on:

  • A South Asia-focused threat actor targeting governments, defense sectors, and critical infrastructure: Dubbed “SloppyLemming,” this threat actor has been carrying out attacks predominantly targeting Pakistan. SloppyLemming primarily leverages credential harvesting techniques (e.g., tactics that involve stealing personal or financial data from users) to exploit its targets.
  • Increased attacks on the global supply chain – freight fraud is on the rise: Since January 2024, the organizations that connect shippers with goods have seen a sizable uptick in fraudulent attacks. One Fortune 500 food and beverage customer has experienced about 10 of these incidents consistently every month since the start of the year. The most widely used technique to execute attacks on these organizations is “double-brokering,” a man-in-the-middle method where a threat actor impersonates a transport company to capture payment for deals.

“Threat intelligence is a non-negotiable when it comes to tipping the scale back in favor of defenders. And with Cloudflare’s global network as our foundation, Cloudforce One identifies and defends against attacks with an arsenal that is unmatched,” said Blake Darché, Head of Cloudforce One at Cloudflare. “In this new era of threat intelligence, Cloudforce One is perfectly positioned to detect and degrade today’s threat actors who erode trust and wreak havoc.”

To keep up with ongoing threat intelligence released by the Cloudforce One team, subscribe to updates on the Cloudforce One Threat Intelligence website. Existing Cloudflare customers will have access to new Cloudforce One intelligence through their Cloudflare security dashboard.