There is a significant rise in IPFS phishing attacks in 2023, causing a considerable stir in the digital landscape. Read on to learn about IPFS phishing attacks, including their types and modus operandi, and how to stay secure from their clutches.
IPFS (InterPlanetary File System) is a modular suite of protocols and is a decentralized technology that makes an integral element of the Web 3.0 ecosystem used to transfer and organize data. Malicious actors have laid their hands on IPFS, too, for their nefarious purposes, as is the fate of any emerging technology. They have started utilizing IPFS widely in their mass phishing campaigns.
The IPFS phishing attacks started in 2022 but have kicked into another gear recently and are being used in mass-targeted phishing scams. Below are more details about these IPFS phishing attacks, how they occur, IPFS phishing attack types, statistics, and how to protect yourself from such attacks.
IPFS and Phishing
IPFS is a beneficial protocol for storing, handling and moving data. It is an open-source technology that allows individuals to share and store information on the Internet, but in a decentralized way, focusing on efficiency and reliability.
IPFS connects individual systems within a network and allows them to share information directly. These systems are secured using P2P (Peer to Peer) networks without requiring any third party between them.
However, the decentralized nature of the IPFS is a bane as much as a boon since malicious actors have taken a liking to using P2P data sites to spread malware.
Scam artists began using IPFS for phishing attacks in 2022, where they would place HTML (HyperText Markup Language) files with phishing forms in IPFS and employ gateways as proxies so that the victim would end up opening the file. They shared file access links through phishing emails sent via the gateway to the victims.
IPFS Phishing Attack Statistics
Since the detection or deletion of links does not take place as quickly at the gateway level as it does as a blocking of a phishing website or document, these attacks are more severe. Furthermore, these attacks are not limited to mass email phishing campaigns but are employed in complex targeted attacks.
Researchers at Kaspersky shared a press release with statistics about IPFS phishing attacks. The attacks showed a significant spike this year, with more than 24,000 phishing attempts every day in January and February, a number which was less than 15,000 in 2022. February 2023 was the busiest month witnessing the most IPFS phishing attack activity, reaching 400,000 phishing messages.
Image sourced from ec-mea.com
Types of IPFS Phishing Attacks
Threat actors host phishing kit infrastructure on the IPFS network to camouflage their malicious activities. IPFS phishing attacks work in three significant ways, including:
- Malicious URLs: Malicious actors use phishing messages, emails, pop-ups, and other channels that include links to redirect victims to malicious IPFS gateways.
- DNS Spoofing: Threat actors also create fake DNS (Domain Name System) that redirects individuals to malicious IPFS gateways.
- SSL Certificates: Phishing scam artists employ a fake SSL (Secure Sockets Layer) certificate to show you that you are visiting a trusted website even when you’re on a malicious one.
Using the distributed IPFS system, malicious actors can create a permanent and untraceable phishing website that remains active even after removing the source.
What Makes IPFS Phishing Attacks Different?
The threat actors scout a target and lure them with a phishing email that redirects them to a fake page designed to steal their credentials or financial information. The phishing page is hosted on the IPFS and is accessible using a gateway.
Such a system allows the adversary to reduce the hosting cost and makes removing fraudulent content from the Internet challenging as it resides on multiple systems simultaneously.
How to Protect Against IPFS Phishing Attacks?
Kaspersky’s researchers also shared what individuals and businesses can do to protect against IPFS phishing attacks, including:
- Cybersecurity Hygiene Training: Organizations should train the staff with cybersecurity hygiene training and conduct simulated phishing attacks so their workforce knows how to tell phishing emails apart.
- System/Network Protection Tools: Individuals and organizations should invest in endpoint and mail server protection tools with anti-phishing capabilities to avoid phishing emails and the chances of phishing infections sliding through.
- Cloud Protection Tools: Users must also adopt anti-spam and anti-phishing tools dedicated to the cloud to protect applications, communication, and storage associated with the cloud data.
Final Words
Threat actors have been using the IPFS file distributions in phishing, leading to IPFS phishing attacks since mid-2022. Even a technology that is supposed to be safe, reliable, and decentralized and a significant technological marvel of Web 3.0 could become a tool of malicious actors!
The IPFS phishing attacks indicate to what extent these threat actors could go and how they constantly update their tactics. It would be best to always stay on your guard with robust phishing protection measures and look out for phishing emails to protect your digital lives.