More threat actors have been leveraging the InterPlanetary File System (IPFS) for bulletproof malware hosting, SecurityWeek reports.
Using IPFS gives attackers more resilient malware hosting and spares them malware storage costs, according to a Cisco Talos report. Attacks discovered using IPFS include a phishing scheme involving a fraudulent DocuSign PDF that exfiltrates collected data to an attacker-controlled web server, as well as an AgentTesla malspam campaign.
Such attacks may be averted by blocking access to IPFS gateways, the report recommended.
"For now, if you're an organization that has no association with web3, and you're not dealing with NFTs, I would recommend simply blocking access to all the IPFS gateways because there's a maintained list of them. That would provide quite a bit of mitigation to this," said Cisco Talos, which noted that a long-term solution to the problem is yet to be seen amid the increased pervasiveness of NFT/blockchain apps on IPFS.
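As an added example (not from the Talos report or SecurityWeek), the script below finds IPFS gateway requests in web proxy logs, which helps gauge the impact of a block or catch gateways missing from the list. It flags URLs by hostname blocklist and by shape (path-style `/ipfs/<CID>` and subdomain-style `<CID>.ipfs.<host>`); the log format, hostnames and CIDs are constructed, and the blocklist entry is a placeholder for the maintained gateway list.

```python
import re
from urllib.parse import urlsplit

# CIDv0 is base58btc ("Qm" + 44 chars); CIDv1 in base32 is "b" + 58 or more chars.
CID_V0 = r"Qm[1-9A-HJ-NP-Za-km-z]{44}"
CID_V1 = r"b[a-z2-7]{58,}"
# Path-style gateway URL: https://<gateway>/ipfs/<CID>/... or /ipns/<name>/...
PATH_RE = re.compile(rf"^/(?:ipfs/(?:{CID_V0}|{CID_V1})|ipns/[^/]+)(?:/|$)")
# Subdomain-style: https://<CID>.ipfs.<gateway>/ (hostnames are case-insensitive, so CIDv1)
HOST_RE = re.compile(rf"^(?:{CID_V1}\.ipfs|[^.]+\.ipns)\..+$")

# Assumption: filled from the maintained gateway list; this entry is a placeholder.
GATEWAY_BLOCKLIST = {"gateway.example.net"}

def classify(url):
    """Return why a URL looks like IPFS gateway access, or None."""
    parts = urlsplit(url)
    host = parts.hostname or ""
    if any(host == g or host.endswith("." + g) for g in GATEWAY_BLOCKLIST):
        return "blocklisted-gateway"
    if HOST_RE.match(host):
        return "subdomain-gateway"
    if PATH_RE.match(parts.path):
        return "path-gateway"
    return None

def scan(log_lines):
    """Parse 'timestamp client url' lines; return (client, url, reason) hits."""
    hits = []
    for line in log_lines:
        fields = line.split()
        if len(fields) < 3:
            continue  # malformed line
        reason = classify(fields[2])
        if reason:
            hits.append((fields[1], fields[2], reason))
    return hits

# Constructed sample data: the CIDs are filler strings of valid shape, not real content.
V0, V1 = "Qm" + "A" * 44, "bafy" + "a" * 55
SAMPLE_LOG = [
    f"2024-01-01T10:00:00Z 10.0.0.5 https://files.example.org/ipfs/{V0}/invoice.html",
    f"2024-01-01T10:00:01Z 10.0.0.6 https://{V1}.ipfs.cdn.example.com/",
    "2024-01-01T10:00:02Z 10.0.0.7 https://gateway.example.net/status",
    "2024-01-01T10:00:03Z 10.0.0.8 https://intranet.example.org/docs/ipfs-overview",
    "truncated-line",
]

if __name__ == "__main__":
    for client, url, reason in scan(SAMPLE_LOG):
        print(client, reason, url)
```

Shape matching catches gateways that are not yet on the blocklist, at the cost of occasional false positives on unrelated sites that happen to use an `/ipns/` path.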