Cloudflare Helps Disrupt Lumma Stealer Malware Network
Cloudflare has announced its participation in a coordinated effort to disrupt the Lumma Stealer malware operation.
The company's Cloudforce One and Trust and Safety teams worked alongside Microsoft and other partners to target Lumma Stealer, also known as LummaC2. This malware is part of a growing category of information-stealing tools posing serious risks to individuals and organizations.
Lumma Stealer exfiltrates credentials, cryptocurrency wallets, cookies, and other sensitive data from infected systems. The stolen data often fuels downstream criminal activities, including financial fraud, identity theft, and ransomware attacks.
Reportedly, the malware abused multiple infrastructure providers, including Cloudflare. In response, Cloudflare identified the abuse and joined a Microsoft-led takedown operation.
This disruption involved several private partners, including those impacted and those offering intelligence support. It also included cooperation from the U.S. Department of Justice, Europol's European Cybercrime Center (EC3), and Japan's Cybercrime Control Center (JC3).
According to Cloudflare, the operation denied Lumma Stealer operators access to: Their command-and-control panel and stolen data marketplace
The infrastructure used to collect and manage data
This action has increased operational and financial pressure on Lumma operators and their customers, forcing them to rebuild their malware services elsewhere.
Lumma Stealer is a Malware-as-a-Service platform. It allows cybercriminals to rent an admin panel, retrieve stolen data, and generate custom malware builds for global distribution.
The malware spreads mainly through social engineering. Victims are lured into downloading and executing the payload via fake messages or ads.
To mitigate Lumma Stealer threats, experts recommend a layered defense. The malware evolves quickly and often uses malvertising, phishing, and compromised software.
Cloudflare revealed several key security recommendations for enterprises and users: Block users from downloading executables and scripts from untrusted sources
Use reputable endpoint detection tools and apply application allow listing
Disable or restrict PowerShell and unsigned macros
Additionally, users should avoid saving passwords in browsers, clear autofill data, and disable autofill for sensitive information. Regular software updates and DNS filtering are also critical.
Enterprises should monitor for unusual connections, rare domain access, and suspicious script activity. Email and web filtering tools can also block malicious links and drive-by downloads.
Finally, user training is vital. Educating users about scareware, fake installers, and PowerShell misuse can help prevent infections and strengthen defenses against Lumma Stealer.
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
Gulf Today
20 hours ago
- Gulf Today
Microsoft to cut about 4% of jobs amid hefty investments in AI
Microsoft will lay off nearly 4% of its workforce, the company said on Wednesday, in the latest job cuts as the tech giant looks to rein in costs amid hefty investments in artificial intelligence infrastructure. The company, which had about 228,000 employees worldwide as of June 2024, had announced layoffs in May, affecting around 6,000 workers. It was planning to cut thousands of jobs, particularly in sales, Bloomberg News reported last month. The Windows maker had pledged $80 billion in capital spending for its fiscal year 2025. However, the soaring cost of scaling its AI infrastructure has weighed on its margins, with its June quarter cloud margin expected to shrink from last year. Microsoft said on Wednesday it planned to reduce organisational layers with fewer managers and streamline its products, procedures and roles. The Seattle Times first reported on the layoffs earlier on Wednesday. Separately, Bloomberg News reported Microsoft's Barcelona-based King division, which makes the Candy Crush video game, is cutting 10% of its staff, or about 200 jobs. Microsoft confirmed to Reuters that its gaming division was impacted by the layoffs, although not the majority of the unit, but did not provide further details. Big Tech peers, which are investing heavily in artificial intelligence, have also announced job cuts. Facebook parent Meta earlier this year said it would trim about 5% of its "lowest performers", while Alphabet's Google has also laid off hundreds of employees in the past year. Amazon has also cut jobs across its business segments, most recently in its books division. The company had earlier laid off employees in its devices and services unit, and communications staff. Economic uncertainties and rising costs have triggered layoffs across sectors in Corporate America, as companies rush to streamline operations and hedge against further cost pressures. Reuters
Zawya
a day ago
- Zawya
Cloud-based tools reshape how South Africa's businesses communicate
The digital communications landscape in South Africa and globally continues to shift, with cloud-based telephony tools increasingly replacing legacy PBX systems. This is according to Braintree, a local Microsoft solutions partner, which says tools such as Microsoft Teams Calling and Operator Connect are becoming core to how businesses collaborate and manage voice services. Doug Morrison, VP of modern workplace at Braintree, says companies are moving away from hardware-dependent systems toward software-based platforms that integrate voice, chat and video services under a single interface. 'Digital-first has become the default,' he says. 'It's not just about replacing phones; it's about embedding communication into business workflows.' Braintree cites IDC figures showing that unified communications as a service (UCaaS) accounted for 89% of global market revenue, with Microsoft leading the market at 44.7% share. These platforms allow companies to manage voice calling without traditional infrastructure, routing calls directly into Microsoft Teams through certified telecom partners. Braintree refers to the Forrester Total Economic Impact report, which found that small and medium businesses using Microsoft Teams Calling saw up to 45% total cost of ownership savings over three years, with enterprise customers reporting 17% savings. Both categories reported positive returns on investment. Beyond cost, Braintree says organisations are adopting cloud communications for greater flexibility and scalability. Operator Connect, Microsoft's voice integration service, enables organisations to provision and manage phone systems directly in the Teams admin centre, removing the need for on-site PBX equipment. Security has also become a key consideration. Cloud-based systems allow for encrypted communication, remote patch management, and access controls. Braintree notes that this is especially relevant for businesses with hybrid or remote workforces. Mobility is another driver. Employees can make and receive calls from any internet-connected device, which Braintree says reduces the need for fixed desk phones and enables flexible work policies. It adds that AI features now available in cloud systems can support compliance, call transcription, and workflow automation. Looking ahead, Braintree expects greater convergence between telephony, collaboration tools, and emerging technologies like AI and omnichannel messaging platforms. 'As tools become smarter and more integrated, communication is shifting from something you do separately to something embedded in how work gets done,' Morrison says.
Dubai Eye
a day ago
- Dubai Eye
Sheikh Abdullah discusses boosting bilateral ties with Ghana counterpart
Sheikh Abdullah bin Zayed Al Nahyan, Deputy Prime Minister and Minister of Foreign Affairs, and his counterpart in Ghana, Okudzeto Ablakwa, have explored ways to further strength bilateral ties during a phone call. The diplomats reviewed the evolving relations between the countries, and mechanisms to support and enhance cooperation across various fields, reported national news agency WAM. Earlier this year, the UAE proposed a comprehensive strategic partnership with Ghana, shortly before they signed a deal to establish a technology hub in the West African country's capital that is expected to attract over 11,000 global technology firms, including global tech giants like Microsoft, and Meta.
