"Cisco: InterPlanetary File System Seeing 'Widespread' Abuse by Hackers"

Cisco security researchers have reported the widespread abuse of new Web3 technology by threat actors. The InterPlanetary File System (IPFS) is a data storage and sharing protocol and peer-to-peer network intended to allow for the decentralized storage of resources on the Internet. It was designed to be resistant to content censorship, which means that once content is stored within the IPFS network, it cannot be effectively removed.

However, Cisco Talos researchers reported widespread abuse and multiple ongoing campaigns that use the IPFS network to host malware payloads and phishing kit infrastructure while facilitating other attacks. According to the researchers, IPFS is typically used for legitimate purposes, which makes it more difficult for security teams to distinguish between benign and malicious IPFS activity in their networks. Currently, multiple malware families are hosted within IPFS and are retrieved during the early stages of malware attacks. The IPFS team did not respond to requests for comment.

According to Cisco Talos, IPFS is being used to host phishing kits, which are websites used by phishing campaigns to collect and harvest credentials from unsuspecting victims. Hackers are also employing the technology in malware distribution campaigns because it provides low-cost storage for malicious payloads and resilience against content moderation, effectively serving as "bulletproof hosting" for adversaries.

Researchers have discovered several samples in the wild that are currently utilizing IPFS. Throughout 2022, they observed an increase in the number of such samples as this became a more popular hosting method for adversaries. In one campaign, victims received emails that purported to be from a Turkish financial institution but were actually part of the Agent Tesla Remote Access Trojan (RAT) infection process. This article continues to discuss the abuse of IPFS by hackers.

The Record reports "Cisco: InterPlanetary File System Seeing 'Widespread' Abuse by Hackers"
