Malware, Email security, Vulnerability Management

IPFS increasingly used for malware hosting

More threat actors have been leveraging the InterPlanetary File System (IPFS) for bulletproof malware hosting, SecurityWeek reports. Using IPFS gives attackers more resilient malware hosting and eliminates their malware storage costs, according to a Cisco Talos report. Attacks discovered using IPFS include a phishing scheme involving a fraudulent DocuSign PDF that exfiltrates collected data to an attacker-controlled web server, as well as an AgentTesla malspam campaign.

Such attacks may be averted by preventing IPFS gateway access, the report recommended. "For now, if you're an organization that has no association with web3, and you're not dealing with NFTs, I would recommend simply blocking access to all the IPFS gateways because there's a maintained list of them. That would provide quite a bit of mitigation to this," said Cisco Talos, which noted that a long-term solution to the problem is yet to be seen amid the increased pervasiveness of NFT/blockchain apps on IPFS.
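To see how much gateway traffic a block would affect, proxy logs can be checked first. The sketch below is an added example, not code from the Talos report: it flags requests to listed gateways and also requests whose URL has the gateway shape (`/ipfs/<CID>` path or `<CID>.ipfs.<host>` subdomain) on hosts not yet on the list. The blocklist entries, log format, hostnames and CIDs are constructed assumptions.

```python
import re
from urllib.parse import urlsplit

# Hypothetical blocklist entries; in practice load the maintained gateway list.
BLOCKED_GATEWAYS = {"gateway.example", "dweb.example"}
# CIDv0 is "Qm" + 44 base58 characters; CIDv1 in base32 is "b" + 58 or more characters.
CID = r"(?:Qm[1-9A-HJ-NP-Za-km-z]{44}|b[a-z2-7]{58,})"
PATH_STYLE = re.compile(rf"^/ipfs/({CID})(?:/|$)")
SUBDOMAIN_STYLE = re.compile(rf"^({CID})\.ipfs\.(.+)$")

def classify(url):
    """Return (reason, gateway_host, cid) for IPFS gateway traffic, else None.

    A host missing from the list is still reported when the URL shape matches."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    sub = SUBDOMAIN_STYLE.match(host)
    gateway = sub.group(2) if sub else host
    path = PATH_STYLE.match(parts.path)
    cid = sub.group(1) if sub else (path.group(1) if path else None)
    listed = any(gateway == g or gateway.endswith("." + g) for g in BLOCKED_GATEWAYS)
    if listed:
        return ("listed-gateway", gateway, cid)
    if cid:
        return ("unlisted-gateway", gateway, cid)
    return None

def scan(lines):
    """Return hits from proxy log lines of the form: time client method url status."""
    hits = []
    for line in lines:
        fields = line.split()
        if len(fields) < 5:
            continue  # skip malformed lines instead of failing the whole run
        hit = classify(fields[3])
        if hit:
            hits.append((fields[1],) + hit)
    return hits

# Constructed sample log lines (placeholder CIDs, example hostnames).
V0 = "Qm" + "a" * 44
V1 = "bafy" + "a" * 55
SAMPLE = [
    f"2022-11-10T09:01:02Z 10.0.0.5 GET https://gateway.example/ipfs/{V0}/invoice.html 200",
    f"2022-11-10T09:03:40Z 10.0.0.9 GET https://{V1}.ipfs.newgw.example/ 200",
    "2022-11-10T09:04:11Z 10.0.0.7 GET https://intranet.example/docs/ipfs-overview 200",
    "truncated line",
]
if __name__ == "__main__":
    print(*scan(SAMPLE), sep="\n")
```

Hosts reported as `unlisted-gateway` are candidates to add to the local blocklist.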
