Security News > 2022 > July > Decentralized IPFS networks forming the 'hotbed of phishing'

Threat groups are increasingly turning to InterPlanetary File System peer-to-peer data sites to host their phishing attacks because the decentralized nature of the sharing system means malicious content is more effective and easier to hide.

Threat analysts with cybersecurity vendor Trustwave this week said the InterPlanetary File System is becoming the "New hotbed of phishing" after seeing an increase in the number of phishing emails that contain IPFS URLs.

Trustwave researchers in a blog post this week wrote that they have seen more than 3,000 emails over the past 90 days containing phishing URLs that have used IPFS, adding that "It is evident that IPFS is increasingly becoming a popular platform for phishing websites."

The use of IPFS is a way for attackers to make their phishing content more persistent, more easily distributed, and more difficult to detect.

Trustwave showed examples of how cybercriminals are abusing blockchain, Google, and cloud storage services to run their IPFS phishing attacks.

The attacks start as other phishing campaigns do, with the criminals using social engineering techniques to coax victims into clicking on malicious IPFS links in phishing emails made to look like legitimate messages from companies like Azure or DHL. "One of the main reasons why IPFS has become a new playground for phishing is that many web hosting, file storage or cloud services are now offering IPFS services," the researchers wrote.

News URL

https://go.theregister.com/feed/www.theregister.com/2022/07/29/ipfs_phishing_trustwave/