U.S. Government Agency

Cloudflare deploys curated threat intelligence feed to protect selected financial institutions


Challenge: Protecting financial services against targeted attacks

The financial sector is a top target for cyber threat actors. Successful attacks against financial services institutions provide an easy path for cybercriminals to monetize their attacks. Additionally, these organizations hold large volumes of sensitive data that can be used for various fraudulent activities.

Knowledge of new and emerging attack campaigns is critical for these organizations to identify and block attacks before an intrusion occurs. However, the sensitive nature of the industry makes sharing threat intelligence a complex issue.

Solution: Providing seamless access to custom threat indicators

A strategic partnership between Cloudflare and some U.S. government entities has enabled Cloudflare to provide custom threat indicators to approved financial services providers. These custom threat indicators are derived from a combination of Cloudflare data and data provided by its U.S. government partners.

This curated threat intelligence feed provides financial institutions with access to known IP addresses, URLs, and domain names of the attacker’s infrastructure as well as malware hashes and identification of the attackers behind the group. Each indicator has been reviewed by analysts to verify that it is associated with an attack campaign before it is included in the Cloudflare dataset.

This custom indicator service was rolled out to select financial institutions via the Cloudflare DNS Gateway. Selected organizations only need to select a checkbox to activate the Custom Indicator Feed in their DNS Gateway and can generate specific filters based on this threat intelligence.

Impact: Curated threat intelligence reduces threat exposure

Integrating curated threat intelligence into Cloudflare DNS Gateway dramatically reduces the exposure of financial institutions to common cyber threats. These attacks are automatically blocked at the Cloudflare network, preventing them from reaching target systems.

In Q1 2024, Cloudflare observed 41 billion malicious HTTP requests targeting the Banking, Financial Services, and Insurance (BFSI) industry with distributed denial of service (DDoS) attacks. As new botnet IP addresses are identified and added to the Custom Threat Indicator Feed, Cloudflare will be able to identify and block attempted attack traffic for participating institutions.

Phishing attacks are another threat where this service brings clear value to participating financial institutions. Knowledge of IP addresses, domain names, and file hashes associated with emerging phishing attack campaigns enables Cloudflare to better filter malicious emails and sever command and control (C2) channels between malware and attacker-controlled infrastructure, limiting the damage that can be done to infected systems.

Key Results
  • Reduced threat exposure due to automated filtering of malicious content

  • Improved security efficiency due to automatic sharing of threat intelligence data

  • Improved risk management due to enhanced visibility into attacks targeting the financial sector