IPFS, DApps, & Blockchains: How Web3 Technologies Are Being Abused In Malware and Phishing Campaigns

Presented at CactusCon 11 (2023), Jan. 28, 2023, 4 p.m. (60 minutes).

The emergence of new Web3 technologies designed to facilitate decentralized hosting and delivery of content on the internet seeks to address several issues facing global internet users. Distributed applications (DApps), the Interplanetary Filesystem (IPFS) and other related technologies were designed to enable users to circumvent content restrictions implemented by governments, provide resilience against centralized content moderation, and enable the ability to share information anonymously. These same features have proven to be a double-edged sword for network defenders. Recently there has been a significant increase in the number of threat actors that have begun to take advantage of these same technologies for nefarious purposes. IPFS and DApps are currently being abused by a variety of threat actors who are leveraging them as a new form of "bulletproof hosting" in their phishing and malware distribution campaigns. In this presentation, we will discuss what these technologies are, how they work, and how they are currently being abused for the purposes of credential theft, malware distribution, and more. We will cover several specific case studies and walk through a series of campaigns that demonstrate how they are being abused and what organizations can do to better defend against these new threats.

Presenters:

• Edmund Brumaghin - Threat Researcher - Cisco Talos
  Edmund Brumaghin is a threat researcher with Cisco Talos. He has spent the past several years protecting environments across a number of different industries including nuclear energy, financial services, etc. He currently spends his days hunting malware and analyzing various threats as they emerge and continue to evolve. In his time with Talos he has researched ransomware and other threats being distributed using various attack vectors. He has also worked to expose large scale malware campaigns and raise awareness of security threats observed across the threat landscape.

Links:

• https://cactuscon-11.sessionize.com/session/394347

Similar Presentations:

• Black Hat USA 2016 / Towards a Holistic Approach in Building Intelligence to Fight Crimeware
• May Contain Hackers (MCH2022) / Building decentralized applications with IPFS
• DeepSec 2019 „Internet of Facts and Fears“ / IPFS As a Distributed Alternative to Logs Collection