The decentralized file system solution InterPlanetary File System (IPFS) has become the new “hotbed” for hosting phishing sites, stated Trustwave SpiderLabs researchers. They detected 3,000 emails laden with IPFS phishing URLs in the last three months.

Diving into details

  • IPFS is a peer-to-peer network to store and share data and files by using cryptographic hashes instead of filenames or URLs. 
  • It can locate a file via its content address instead of location and users need a content identifier and gateway hostname. 
  • It is built to be resistant to censorship by making content available in several places. This makes a phishing campaign challenging to stop once initiated.

Why this matters

  • IPFS has become a new hotbed for phishing because various file storage, web hosting, and cloud services have started offering IPFS services. 
  • The use of IPFS ensures that the phishing content is more persistent, difficult to detect, and easily propagated. 
  • As it is a P2P system, the phishing contents are available through peers located across the world, who might be sharing information and/or storing it.
  • The systems act as nodes in a networked file system. The files can be accessed whenever and from any node. Even if the malicious content has been removed from one, it is still available in other nodes.

The bottom line

Trustwave warned that in the near future, phishers will start using more advanced phishing schemes. The use of IPFS highlights a “significant evolution in phishing.” Therefore, it is crucial that organizations adopt suitable defenses to meet the changing nature of phishing attacks and other cyberattacks.
Cyware Publisher