Security News > 2022 > August > Researchers Warn of Increase in Phishing Attacks Using Decentralized IPFS Network
The decentralized file system solution known as IPFS is becoming the new "Hotbed" for hosting phishing sites, researchers have warned.
Cybersecurity firm Trustwave SpiderLabs, which disclosed specifics of the attack campaigns, said it identified no less than 3,000 emails containing IPFS phishing URLs as an attack vector in the last three months.
IPFS, short for InterPlanetary File System, is a peer-to-peer network to store and share files and data using cryptographic hashes, instead of URLs or filenames, as is observed in a traditional client-server approach.
"Taking down phishing content stored on IPFS can be difficult because even if it is removed in one node, it may still be available on other nodes," Trustwave researchers Karla Agregado and Katrina Udquin said in a report.
This also means it could be much harder to take down phishing sites hosted on IPFS. The attacks observed by Trust typically involve some type of social engineering to lower the guard of targets in order to coax them to click fraudulent IPFS links and activate the infection chains.
"Phishing techniques have taken a leap by utilizing the concept of decentralized cloud services using IPFS," the researchers concluded.
News URL
https://thehackernews.com/2022/07/researchers-warns-of-increase-in.html
Related news
- Phishing-as-a-Service "Rockstar 2FA" Targets Microsoft 365 Users with AiTM Attacks (source)
- GenAI makes phishing attacks more believable and cost-effective (source)
- CERT-UA Warns of Phishing Attacks Targeting Ukraine’s Defense and Security Force (source)
- Inside the incident: Uncovering an advanced phishing attack (source)
- Ongoing phishing attack abuses Google Calendar to bypass spam filters (source)