Threat actors are increasingly abusing the InterPlanetary File System (IPFS) to host malware samples and phishing kits, both to evade detection by security products and to make their campaigns more resilient.
According to a report published today by Cisco Talos, there’s a steep rise in the number of malware detections concerning samples originating from IPFS gateways.
Given the current conditions in the security industry and the stance of organizations on the matter, this trend is expected to continue.
Figure: Volume of IPFS-hosted malware samples (Source: Cisco)
The IPFS Advantage
IPFS is a file-sharing protocol launched in 2015, offering a new solution for building decentralized peer-to-peer networks.
It replaces the idea of hosting data on a centrally located server with a system that relies on content addresses, nodes, mirrors, and a distributed hash table.
IPFS can host various types of files, including the resources required for rendering web pages. Unlike BitTorrent, IPFS can serve as a complete solution for a single global network.
Figure: Sample of publicly accessible IPFS Gateways
Because the content is hosted on a decentralized network, taking down malware or phishing sites is challenging in practice, if not entirely impossible, in many cases.
This tactic ensures that malicious sites stay online for longer; thus, malware distribution and phishing campaigns are not interrupted.
IPFS also complicates law enforcement work and gives attackers a degree of obfuscation, since untangling an intricate network of connections and mirrors to find the host of files isn’t straightforward.
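One way a defender can act on the content-addressing point above, as an added example that is not from the Cisco report or the original article: because the same object can be fetched through any gateway, this code keys proxy-log URLs on the normalised content identifier (CID) rather than on the gateway hostname. It assumes the two public gateway URL layouts (path-style `/ipfs/<cid>` and subdomain-style `<cid>.ipfs.<gateway>`); the CID and hostnames are constructed placeholders.

```python
import base64
import re
from collections import defaultdict
from urllib.parse import urlsplit

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
CID_V0 = re.compile(r"Qm[1-9A-HJ-NP-Za-km-z]{44}")  # base58btc sha2-256 multihash
CID_V1 = re.compile(r"b[a-z2-7]{58,}")              # base32 CIDv1 (multibase prefix "b")

def to_v1(cid):
    """Normalise a CID to base32 CIDv1 so one object has one key; None if not a CID."""
    if CID_V1.fullmatch(cid):
        return cid
    if not CID_V0.fullmatch(cid):
        return None
    # base58 decode into the 34-byte multihash
    n = sum(B58.index(c) * 58 ** i for i, c in enumerate(reversed(cid)))
    multihash = n.to_bytes(34, "big")
    if multihash[:2] != b"\x12\x20":                 # must be sha2-256, 32-byte digest
        return None
    raw = b"\x01\x70" + multihash                    # version 1 + dag-pb, which CIDv0 implies
    return "b" + base64.b32encode(raw).decode().lower().rstrip("=")

def extract_cid(url):
    """Return (gateway_host, cid_v1) for an IPFS gateway URL, else None."""
    parts = urlsplit(url)
    host = parts.hostname or ""
    label, _, gateway = host.partition(".ipfs.")     # subdomain style: <cid>.ipfs.<gateway>
    if gateway and to_v1(label):
        return gateway, to_v1(label)
    segs = parts.path.split("/")                     # path style: <gateway>/ipfs/<cid>/...
    if len(segs) > 2 and segs[1] == "ipfs" and to_v1(segs[2]):
        return host, to_v1(segs[2])
    return None

def gateways_per_cid(urls):
    """Map each normalised CID to the set of gateways it was requested through."""
    seen = defaultdict(set)
    for hit in filter(None, map(extract_cid, urls)):
        seen[hit[1]].add(hit[0])
    return dict(seen)

# Constructed sample: placeholder CID and placeholder gateway hostnames.
SAMPLE_CID = "Qm" + "X" * 44
SAMPLE_URLS = [
    f"https://gw-one.example/ipfs/{SAMPLE_CID}/index.html",
    f"https://{to_v1(SAMPLE_CID)}.ipfs.gw-two.example/index.html",
    "https://site.example/ipfs/not-a-cid",
]
```

A blocklist or alert keyed on the value returned by `to_v1` matches the object regardless of which gateway, or which CID version, appears in the logged URL.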
Cisco also underlines that IPFS is generally used by legitimate