IPFS is a Web3 technology that decentralizes and distributes the storage of files and other data on a peer-to-peer network. Like any technology, IPFS can be misused by cybercriminals.
However, since the content hosted on IPFS is decentralized and distributed, it is difficult to find and remove dangerous content from the ecosystem.
What are Web3 and IPFS?
IPFS is one of the technologies supporting Web3 infrastructures. Web3, or the third iteration of the web, is a new version of the internet that emphasizes decentralization using blockchain technology and tokens. With Web3, users can protect their data from censorship and manipulation without the need for a central authority. This decentralization allows individuals to have ownership and control over their own content, which they can publish without fear of governments or tech companies taking it down. However, cybercriminals can also leverage these advantages in their activities.
IPFS is a distributed file sharing system released in 2015. It is open and uses a peer-to-peer hypermedia protocol to make the internet faster, safer and more open. Unlike the traditional web, IPFS is content-addressed: it looks up content over a decentralized network by content identifiers in the form of hashes, rather than by specific locations. IPFS content can be accessed by establishing a dedicated node in the IPFS network or through IPFS gateways, which are third-party web-based interfaces between the web and the IPFS network. These gateways allow users to view and retrieve content via HTTP requests, but they cannot modify or add to the content.
Phishing-related network traffic
Among other things, IPFS has seen an exponential increase in phishing-related network traffic, particularly in the last quarter of last year. Unlike traditional phishing sites hosted on the internet, a hosting provider or moderating party cannot simply remove IPFS phishing content. Once the content is published on the IPFS network, anyone can retrieve it and re-publish it on their own node. Phishing content can be hosted on multiple nodes, and each host would need to request removal of the content. Should one of the hosts not consent to the removal, it would be virtually impossible to remove the content.
Phishing campaigns typically have a shorter lifespan than other types of cybercrime because the content is removed or blocked by website owners, hosting providers, or moderators. The structure of IPFS allows criminals to extend their campaigns by making them more resilient to content removal. IPFS phishing campaigns are similar to traditional phishing, in which attackers impersonate legitimate services and software such as DHL, DocuSign, and Adobe to increase the likelihood of ending up in the inbox of a bona fide recipient. The ability to block these decoys depends on the email security measures the receiving company has in place. While some companies set very strict rules in their secure email gateways and other security products, others refrain from doing so, fearing that legitimate email could be affected.
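Because the same content can be served through any gateway, filtering by gateway hostname alone misses re-hosted copies. The following added example (not part of the original article or of any Palo Alto Networks tooling) extracts the content identifier from URLs seen in mail or proxy logs and groups requests by it. It assumes the two common gateway URL forms, /ipfs/<CID> in the path and <CID>.ipfs.<gateway> in the hostname; all hostnames and CIDs are constructed placeholders.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# CIDv0: base58btc, "Qm" + 44 chars. CIDv1 (base32 text form): "b" + lowercase base32.
CID_V0 = r"Qm[1-9A-HJ-NP-Za-km-z]{44}"
CID_V1 = r"b[a-z2-7]{58,}"
PATH_RE = re.compile(rf"^/ipfs/({CID_V0}|{CID_V1})(?:/|$)")
HOST_RE = re.compile(rf"^({CID_V1})\.ipfs\.")

def extract_cid(url):
    """Return the CID referenced by an IPFS gateway URL, or None."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return None
    m = HOST_RE.match(parts.hostname)   # subdomain style: <cid>.ipfs.<gateway>
    if m:
        return m.group(1)
    m = PATH_RE.match(parts.path)       # path style: <gateway>/ipfs/<cid>/...
    return m.group(1) if m else None

def group_by_cid(urls):
    """Map each CID to the set of hosts it was requested through."""
    seen = defaultdict(set)
    for url in urls:
        cid = extract_cid(url)
        if cid:
            seen[cid].add(urlsplit(url).hostname)
    return dict(seen)

# Constructed sample data: syntactically plausible CIDs, not real content.
CID_A = "Qm" + "a" * 44
CID_B = "bafy" + "b" * 55
SAMPLE_URLS = [
    f"https://gateway-one.example/ipfs/{CID_A}/index.html",
    f"https://gateway-two.example/ipfs/{CID_A}",
    f"https://{CID_B}.ipfs.gateway-two.example/login.html",
    "https://www.example.com/ipfs-news/article.html",   # not a gateway URL
]

if __name__ == "__main__":
    for cid, hosts in group_by_cid(SAMPLE_URLS).items():
        print(cid, sorted(hosts))
```

Keying detections and blocklists on the CID rather than the hostname means a lure that moves to a different gateway is still recognized.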
Conclusion
The increasing use of IPFS by cybercriminals is a growing problem. As a decentralized and distributed storage technology, IPFS brings unique challenges in finding and removing malicious content from the ecosystem. It is important to note that there is no one-size-fits-all solution for removing malicious content from IPFS networks. Depending on the specific circumstances and the involvement of the owners of the decentralized networks that will ultimately host the content, different approaches may be more or less effective.
The significant increase in IPFS-related traffic observed by Palo Alto Networks in 2022, backed by data from VirusTotal, highlights the growing popularity of this technology among cybercriminals. The threat campaigns observed by Unit 42 analysts show the versatility of IPFS in conducting various criminal activities. These include phishing, theft of access data, C2 communication and distribution of user data.
The abuse of IPFS, as well as the sale of services hosted on IPFS, underscores the need for constant vigilance and proactive measures to detect and contain threats on this platform. It is imperative that the cybersecurity community remains vigilant and takes proactive measures to stay ahead of evolving threats in IPFS and other emerging technologies.
More at PaloAltoNetworks.com