IPFS phishing on the rise, makes campaign takedown more complicated

Cybercriminals increasingly use IPFS to store malicious content such as phishing pages, which increases the uptime and availability of that content.

To run a phishing operation successfully, cybercriminals generally need to host phishing pages online. Victims connect to these pages and, falling for the fraud, provide their credentials or credit card numbers.

Phishing campaigns are generally detected within minutes, because they tend to target a lot of people and some of them immediately report the campaign to security companies or computer security incident response teams (CSIRTs). Those teams might investigate the case, but the first priority is generally to have the web content shut down, so that people clicking on the fraudulent link a bit later cannot access it. It can be a matter of minutes or a few hours before the phishing content is taken down.

This explains why cybercriminals spend a large amount of time either compromising websites to host their phishing content or registering with free web hosting services to store it. Increasing the availability and uptime of their phishing pages is therefore attractive to cybercriminals. This is where IPFS comes in.

What is IPFS?

IPFS stands for InterPlanetary File System. It is a peer-to-peer network and protocol for hosting data that was created in 2015. It is built on a decentralized system, in much the same way as torrents. Users can access content via an address, and peers can find and request the content from any node that has it using a distributed hash table (DHT).

Users who are not part of that global IPFS network can access its content by using various IPFS gateways (Figure A).

Figure A

Sample list of public gateways for IPFS. Image: ipfs.github.io.

Any file stored on IPFS can be retrieved via a unique Content Identifier (CID) using the following convention:

https://<Gateway>/ipfs/<CID Hash>

Any file requested from IPFS is served via any participating node on the network.

What are IPFS benefits for cybercriminals?

Phishing pages sitting on IPFS are trickier to take down than usual phishing pages hosted on the clear web. Since several IPFS nodes can host the content, the phishing page could stay online for an indeterminate period that could last for months, or naturally vanish if no node hosts it anymore.

Getting this fraudulent content taken down takes more effort than usual for defenders. They need to reach all the gateways that lead to the file and ask for removal of the content from their caches.

Fortunately, even if the content stays online, links to the fraudulent content can always be reported to anti-phishing services such as Google Safe Browsing, which will quickly flag the links as malicious and prevent users from accessing them.

IPFS phishing examples

Researchers from the SpiderLabs team at Trustwave exposed a few IPFS phishing cases recently.

The Chameleon phishing page changes its appearance based on the email address of the victim: it loads a logo and background content based on that address (Figure B).

Figure B

Same IPFS phishing URL shows two different contents based on the email address of the victim. Image: Trustwave

Another example provided by Trustwave shows a phishing email pretending to come from Microsoft, about an Azure subscription. The email contains a malicious HTML file leading to a phishing page actually hosted on the IPFS network (Figure C).

Figure C

Phishing email with HTML attachment leading to an IPFS phishing page. Image: Trustwave

Once the user opens the attachment, the phishing page hosted on the IPFS network is loaded. It asks the user to click a contact link, after which the page asking for the user’s Microsoft credentials is shown (Figure D).

Figure D

Microsoft phishing pages hosted on the IPFS network. Image: Trustwave.

A threat that will keep growing

IPFS is not a brand-new technology, yet its adoption by cybercriminals is a new phenomenon, and a predictable one. Every time a new technology evolves, there are criminally minded people ready to pervert it for their needs.

Trustwave indicates that it has observed more than 3,000 emails containing phishing URLs that used IPFS over the past 90 days and mentions that “it is evident that IPFS is increasingly becoming a popular platform for phishing websites.”

What can be done against IPFS phishing?

As noted, IPFS is a peer-to-peer network, which makes content takedown harder. For content stored on the usual web, reporting a phishing page to a hosting company or a DNS provider is enough to have it shut down; for content on IPFS, every gateway that leads to the fraudulent content has to be addressed.

The fastest way to prevent such phishing pages from being accessed by internet users is to report them to anti-phishing services, which will block access for all users running those services.

Disclosure: I work for Trend Micro, but the views expressed in this article are mine.
