A report by cybersecurity firm Trustwave SpiderLabs shows an increase in phishing attacks. It also reveals that around 3,000 emails were identified containing IFPS (InterPlanetary File System) phishing URLs as the main form of attack.
IPFS networks are known in Brazil as Interplanetary File Systems and their function is to store and share data to several computers. “Removing phishing content stored on IPFS can be difficult because even if it is removed on one node, it may still be available on other nodes,” said Katrina Udquin, a researcher at Trustwave SpiderLabs in the report.
The researchers warn that IPFS phishing attacks have an easy way of impersonating legitimate business networks. “Spammers can easily camouflage their activities by hosting their content on legitimate web hosting services or using various URL redirection techniques to help thwart scanners using URL reputation or automated URL parsing.”
Most of the attacks identified by the report originate from some sort of social engineering with IPFS links that have some sort of message for the attack targets to access the infection chains. Emails will typically come with a similar look and feel to a notification from brands like Azure or DHL.
“One of the main reasons IPFS has become a new playground for phishing is that many web hosting, file storage, or cloud services now offer IPFS services,” write the Trustwave SpiderLabs researchers.
The addresses that the targets are directed ask the user to enter their credentials to access the document. “With data persistence, robust networking, and little regulation, IPFS might be an ideal platform for attackers to host and share malicious content.”
In a report earlier this year, cybersecurity firm Proofpoint revealed that 83% of the 4,000 people surveyed said they had experienced an email phishing attack.