Account Takeover Protection and WAF mitigations to help stop Global Brute Force Campaigns

A cybersecurity advisory has been published by international security agencies warning about widespread attacks against government and private sector targets worldwide since mid-2019. These attacks involve brute force access attempts, network traversal using known vulnerabilities, and deployment of remote shells for gathering additional information. In response to this ongoing threat, Cloudflare has accelerated the release timeline of its WAF mitigations and exposed credential check feature to protect its customers. The company is also encouraging users to implement additional best practices such as multi-factor authentication, account time-out and lock-out features, and stronger methods of authentication that require "having" something like a hard token or client certificate.