Every time a new technology evolves, there are always criminal minded people to pervert it for their needs. ![]() IPFS is not a brand new technology, yet the adoption of it by cybercriminals is a new phenomenon that was predictable. Microsoft phishing pages hosted on the IPFS network. It requests the user to click a contact link, then the phishing page asking for the user’s Microsoft credentials is shown (Figure D). Once the user has opened the attachment, the phishing page is accessed, hosted on the IPFS network. The email contains a malicious HTML file leading to a phishing page actually hosted on the IPFS network (Figure C).įigure C Phishing email with HTML attachment leading to an IPFS phishing page. Image: TrustwaveĪnother example provided by Trustwave shows a phishing email pretending to come from Microsoft, about an Azure subscription. The phishing page actually loads a logo and background content based on the email address (Figure B).įigure B Same IPFS phishing URL shows two different contents based on the email address of the victim. The Chameleon phishing page is a phishing page that changes its appearance based on the email address of the victim. Researchers from the SpiderLabs team at Trustwave exposed a few IPFS phishing cases recently. SEE: Mobile device security policy (TechRepublic Premium) IPFS phishing examples Luckily enough, even if the content stays online, the links to the fraudulent content can always be reported to anti-phishing services such as Google Safe Browsing, which will quickly have the links flagged as malicious and prevent users from accessing it. They need to reach all the gateways that lead to the file and ask for removal of the content from their cache. ![]() To be sure to have this fraudulent content taken down, it takes more effort than usual for cyberdefenders. Since several IPFS nodes can host the content, the phishing page could stay online for an undetermined period that could last for months, or naturally vanish if no node is hosting it anymore. Phishing pages sitting on IPFS are trickier to take down, compared to usual phishing pages hosted on the clear web. What are IPFS benefits for cybercriminals? Any file requested from IPFS is served via any participating node on the network. Image: .Īny file stored on IPFS can be retrieved via a unique Content Identifier (CID) using the following convention: Users who are not part of that global IPFS network can access its content by using various IPFS gateways (Figure A).įigure A Sample list of public gateways for IPFS. Users can access the content via an address, and other peers can find and request the content from any node who has it using a distributed hash table (DHT). It is built on a decentralized system, kind of the same way as torrents. IPFS is a peer-to-peer network and protocol for hosting data that was created in 2015. ![]() IPFS stands for interplanetary file system. Increasing the availability and uptime for their phishing pages definitely sounds like a good idea for cybercriminals. This explains why cybercriminals do spend a large amount of time in either compromising websites to host their phishy content or register some free web hosting service and store their content. Must-read security coverageĪustralia, New Zealand Enterprises Spend Big on Security - But Will It Be Enough? It can be a matter of minutes or a few hours before the phishing content is taken down. Those teams might investigate the case, but generally the first priority is to have the web content being shut down, so that any people clicking on the fraudulent link a bit later cannot access it. Phishing campaigns are generally detected within minutes, because they tend to target a lot of people and some of them immediately report it to security companies or CSIRT (computer security incident response team) teams. The victims connect to it and provide their credentials or credit card number to it, falling for the fraud. To successfully run a phishing operation, cybercriminals do generally need to host phishing pages online. Cybercriminals increasingly use IPFS phishing to store malicious content such as phishing pages, with the effect of increasing the uptime and availability of that content.
0 Comments
Leave a Reply. |
Details
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |