
Digital safety starts here for both commercial and personal use...

Defend Your Business Against the Latest WNY Cyber Threats

We offer Safe, Secure and Affordable Solutions for your Business and Personal Networks and Devices.



WNYCyber is there to help you choose the best service providers in Western New York... We DO NOT provide the services ourselves, as we are Internet Programmers who have to deal daily with Cyber Threats... (Ugghhh)... So we know what it's like and what it takes to protect OUR and OUR CUSTOMERS' DATA... We built this Website to help steer you to those that can give you the best service at realistic and non-inflated prices. We do charge or collect any fees.

Increase in the Number of Phishing Messages Pointing to IPFS and to R2 Buckets


Summary:

Credential-stealing phishing remains a persistent threat, with threat actors continually evolving their tactics. While various methods for hosting phishing pages exist, including third-party services and email attachments, traditional approaches involving internet-connected servers remain common. A recent trend observed involves an increase in phishing campaigns utilizing IPFS (InterPlanetary File System) and R2 buckets, a Cloudflare object storage service, to host malicious content.

An analysis of spam trap data reveals a significant uptick in phishing campaigns leveraging IPFS and R2 buckets starting around mid-February. Over half of the newly observed campaigns linked to pages hosted on IPFS or R2 buckets. While these phishing messages may be easily identified by spam filters, the trend suggests a deviation from the usual state of affairs.

Although the increase in these messages may not pose a substantial threat to most organizations, it's prudent to consider mitigations. Limiting user access to IPFS and R2 content through DNS or URL filtering could be effective. Blocking access to *.r2.dev for R2 buckets is straightforward, while for IPFS, access can be limited through specialized gateways operating on known domains.

Analyst Comments:
The observed increase in phishing messages utilizing IPFS and R2 buckets highlights the adaptability of threat actors and their willingness to leverage emerging technologies for malicious purposes. While these messages may not pose a significant threat to organizations with robust security measures in place, it's essential to remain vigilant.

Suggested Corrections:
Implementing proactive measures such as limiting user access to IPFS and R2 content through DNS or URL filtering can provide an added layer of defense against credential theft attempts. Additionally, organizations should regularly review their security protocols and stay informed about evolving phishing trends to ensure effective mitigation strategies.
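The URL filtering suggested here and in the Summary can be sketched as a link classifier for a mail or proxy pipeline. This is an added example, not code from the SANS diary or from this site; the gateway hostnames, bucket name and CIDs are constructed, and the CID patterns are a simplification covering CIDv0 and base32 CIDv1 only.

```python
import re
from urllib.parse import urlsplit

# Simplified CID shapes (assumption): CIDv0 is "Qm" + 44 base58 characters,
# base32 CIDv1 is "b" + at least 58 lowercase base32 characters.
CID = r"(?:Qm[1-9A-HJ-NP-Za-km-z]{44}|b[a-z2-7]{58,})"
PATH_GATEWAY = re.compile(rf"^/ipfs/{CID}(?:/|$)")            # host/ipfs/<cid>/...
SUBDOMAIN_GATEWAY = re.compile(r"^b[a-z2-7]{58,}\.ipfs\.")    # <cid>.ipfs.host

# Constructed sample identifiers, not real content addresses.
FAKE_CID_V0 = "Qm" + "a" * 44
FAKE_CID_V1 = "bafy" + "a" * 55


def classify(url):
    """Return 'r2', 'ipfs' or None for a URL extracted from a message."""
    parts = urlsplit(url if "://" in url else "http://" + url)
    host = (parts.hostname or "").rstrip(".").lower()
    # Match the registered suffix only, so r2.dev.example.com is not flagged.
    if host == "r2.dev" or host.endswith(".r2.dev"):
        return "r2"
    if parts.scheme == "ipfs":
        return "ipfs"
    if SUBDOMAIN_GATEWAY.match(host) or PATH_GATEWAY.match(parts.path):
        return "ipfs"
    return None


def flag_links(urls):
    """Map each flagged URL to its verdict; unflagged URLs are omitted."""
    verdicts = {u: classify(u) for u in urls}
    return {u: v for u, v in verdicts.items() if v}


# Constructed sample links as they might be pulled from message bodies.
SAMPLE_URLS = [
    "https://pub-0123456789abcdef0123456789abcdef.r2.dev/login.html",
    f"https://gateway.example/ipfs/{FAKE_CID_V0}/index.html",
    f"https://{FAKE_CID_V1}.ipfs.gateway.example/",
    "https://r2.dev.example.com/",             # look-alike host, not R2
    "https://example.com/docs/ipfs/overview",  # "ipfs" in path, no CID
]

if __name__ == "__main__":
    for url, verdict in flag_links(SAMPLE_URLS).items():
        print(verdict, url)
```

Matching on the URL shape rather than a fixed gateway list catches IPFS links on gateways the filter has not seen before, while the suffix check avoids flagging look-alike hosts that merely contain "r2.dev".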

Link(s):
https://isc.sans.edu/diary/Increase...ages+pointing+to+IPFS+and+to+R2+buckets/30744