The decentralized file system solution known as IPFS is becoming the new “hotbed” for hosting phishing sites, researchers have warned.
Cybersecurity firm Trustwave SpiderLabs, which disclosed specifics of the spam campaigns, said it identified no less than 3,000 emails containing IPFS phishing URLs as an attack vector in the last three months.
IPFS, short for InterPlanetary File System, is a peer-to-peer (P2P) network to store and share files and data using cryptographic hashes, instead of URLs or filenames, as is observed in a traditional client-server approach. Each hash forms the basis for a unique content identifier (CID).
The idea is to create a resilient distributed file system that allows data to be stored across multiple computers. This would allow information to be accessed without having to rely on third parties such as cloud storage providers, effectively making it resistant to censorship.
“Taking down phishing content stored on IPFS can be difficult because even if it is removed in one node, it may still be available on other nodes,” Trustwave researchers Karla Agregado and Katrina Udquin said in a report.
images from Hacker News