Summary
Netskope Threat Labs is tracking phishing campaigns abusing InterPlanetary File System (IPFS) to deliver their payloads. From March 1 to April 30, Netskope Threat Labs has seen a 7x increase in traffic to IPFS phishing pages. The attacks have been targeting victims mainly in North America and Asia Pacific across different segments, led by the financial services, banking, and technology sectors.
IPFS was first launched in 2014 and has been steadily increasing in popularity since. As with any popular technology, cyber-criminals find ways to abuse it. In this blog, we provide users an overview of how IPFS works and how attackers are abusing IPFS to host traditional credential phishing campaigns.
What is IPFS?
InterPlanetary File System (IPFS) is a protocol that allows decentralized file storage and delivery networks. It is a peer-to-peer (P2P) system that uses content addressing instead of location addressing.
Files uploaded to IPFS are assigned a unique identifier called CID or Content Identifier. It is a string of characters generated through the file content’s cryptographic hash. The CID serves as a permanent address of a file and can be used by anyone to find it on the IPFS network.