
Why Tech Giants Stay Tech Giants

By Alexander Aviles | September 29, 2025

Introduction

Cybersecurity is an ecosystem with trust as its currency.

Organizations that consistently provide reliable defenses against cyber threats have become indispensable, even when their own names appear in the headlines. The recent experience of the hacking-education platform pwn.college provides a concrete example of how Cloudflare demonstrates this dynamic, reinforcing why it remains a cornerstone of modern internet security infrastructure, or simply put, a Tech Giant.

The Ransom

The incident began with a ransom demand posted publicly to the pwn.college Discord server. The attacker, signing themselves as “RTA$,” threatened to hold the site unavailable unless €250 in Monero was paid within 24 hours. The message included a wallet address and a contact email. More broadly, this low-effort extortion attempt relied on urgency to get results.

Despite the message, however, Dr. Connor Nelson of the pwn.college team informed me that the actual traffic was not a traditional flood. Instead, the attacker issued repeated requests that triggered database workload on the backend. The bandwidth was low, but the cost to the pwn.college servers was high: a meager approach designed to exhaust backend resources in a DDoS-style attack.

So the team had to decide how to recover.

Turning to the Tech Giants

Steps to Mitigation

1. Initial exploration. Dr. Nelson's first instinct was to defend locally, using iptables or nginx rate limiting. These measures are effective in limited scenarios, but against distributed or adaptive adversaries they devolve into a game of cat and mouse, where the defenders block one set of IPs while attackers rotate to others. He did not want to waste time playing cat and mouse.

2. Escalation to Cloudflare proxying. Although pwn.college had already placed its DNS with Cloudflare, traffic still flowed directly to pwn.college's server. The critical step was enabling Cloudflare's full proxy service, routing all HTTP requests through Cloudflare's edge servers. Only then did Cloudflare's defenses become active for the platform.

3. Restricting the attack surface. Next, the team restricted port 443 access so that only Cloudflare IP ranges could reach the backend. Without this, attackers could simply bypass the proxy and target the origin server directly.

4. “Under Attack” mode. Even these controls did not fully deter the adversary until the team activated Cloudflare's “Under Attack” mode. This mode injects a 5-second challenge to detect non-human clients. The moment it was enabled, the malicious traffic stopped.

5. Future hardening. Dr. Nelson also enlightened me on further measures for resilience, which included caching authenticated/unauthenticated data at the edge, implementing per-user throttling for expensive operations, and deploying application-aware rate limits. The immediate threat, however, was neutralized by leveraging Cloudflare's quickly implemented defenses.
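The per-user throttling for expensive operations named in step 5, sketched as an added example (not code from pwn.college or Cloudflare). It charges each request its estimated backend cost instead of counting requests, which is what separates two clients sending the same low request rate; the route names, cost weights, and budget values are assumptions.

```python
from dataclasses import dataclass, field

# Hypothetical cost weights (assumption): relative backend work per route.
ROUTE_COST = {"/static": 0.1, "/dashboard": 1.0, "/scoreboard": 10.0}

@dataclass
class Bucket:
    tokens: float
    updated: float

@dataclass
class CostLimiter:
    capacity: float = 30.0      # burst budget, in cost units
    refill_per_s: float = 2.0   # sustained budget, in cost units per second
    buckets: dict = field(default_factory=dict)

    def allow(self, user: str, route: str, now: float) -> bool:
        cost = ROUTE_COST.get(route, 1.0)  # unknown routes cost 1 unit
        b = self.buckets.setdefault(user, Bucket(self.capacity, now))
        # Refill for the time elapsed since the last request, capped at capacity.
        elapsed = now - b.updated
        b.tokens = min(self.capacity, b.tokens + elapsed * self.refill_per_s)
        b.updated = now
        if b.tokens < cost:
            return False  # the caller would answer HTTP 429 here
        b.tokens -= cost
        return True

def replay(events, limiter=None):
    """Replay (time, user, route) tuples; return {user: [allowed, denied]}."""
    if limiter is None:
        limiter = CostLimiter()
    stats = {}
    for now, user, route in events:
        counts = stats.setdefault(user, [0, 0])
        counts[0 if limiter.allow(user, route, now) else 1] += 1
    return stats

def sample_events():
    """Constructed traffic: 60 s, one request per second from each client."""
    events = []
    for t in range(60):
        events.append((float(t), "user-a", "/dashboard"))   # ordinary browsing
        events.append((float(t), "user-b", "/scoreboard"))  # expensive route only
    return events
```

Both clients send one request per second, so a request-count limit treats them identically; the cost budget leaves `user-a` untouched and throttles `user-b` to one expensive query every five seconds once its burst is spent.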

The Bigger Picture

This case must be viewed alongside reports of Cloudflare's involvement in recent supply chain incidents, such as those tied to Salesloft, Drift, and other related SaaS providers. While Cloudflare was not the initial attack vector in these examples, its inclusion in breach disclosures highlights the reality that even trusted infrastructure providers can be downstream victims in complex supply chain attacks. In principle, such reports can and will erode customer confidence and satisfaction. Yet they rarely do, for two main reasons.

Two Reasons

1. Trust Through Transparency

  • Cloudflare consistently responds to security events with detailed incident reports and corrective measures. By disclosing not only what happened but how mitigations were implemented, the company reinforces customer trust rather than diminishing it. Customers normally interpret this transparency as competence rather than weakness because the company is continuously validating its services even in this regard.

2. Resilience Through Defensive Capability

  • The scale of Cloudflare's infrastructure, from global edge networks to automated bot detection, offers customers a level of security they cannot easily replicate in house. Even if Cloudflare is occasionally a downstream victim in complex supply chain attacks, the comparative protection it offers remains unmatched. The risk of going without it is greater than the risk of depending on it. In practice, trust is maintained because dependency on the Tech Giant is always both rational and beneficial.

Conclusion

Tech giants are not immune to incidents. But their dominance rests on something more enduring: when an attack unfolds, their tools work.

In the pwn.college case, local defenses could not stop the attack. Cloudflare's proxy, origin server lockdown, and “Under Attack” mode did, however.

This is why trust in Tech Giants like Cloudflare rarely dwindles. Their reliability for platforms under fire outweighs the theoretical risk, ensuring their place as permanent guardians of the cyber realm.

