Windows 10 News and info | Forum
Topic: Phishing Attacks Distributed Through Cloudflare's IPFS Gateway
javajolt (Administrator)
« on: October 04, 2018, 02:21:27 PM »

Yesterday we reported on a phishing attack that utilizes the Azure Blob storage solution in order to have login forms secured by a Microsoft-issued SSL certificate.

After reviewing the URLs utilized by the same attacker, BleepingComputer noticed that these same bad actors are also utilizing the Cloudflare IPFS gateway for the same purpose.

Last month Cloudflare released an IPFS gateway that allows users to access content stored on the IPFS distributed file system through a web browser. As part of this implementation, all connections to the IPFS gateway are secured using SSL certificates issued by Cloudflare.

By storing the HTML for phishing scams on IPFS, the attackers can then utilize Cloudflare's IPFS gateway to display the stored HTML document. For example, this attacker is using the gateway to display the following phishing form.



The benefit of doing this is that the forms will then be secured using an SSL certificate issued by a well-known company like Cloudflare, which could help to convince users that the form is legitimate.



When the user submits the form, their phone number and email will be submitted to a page operated by the attackers at searchurl.bid. The user will then be redirected to a PDF titled "Business Models, Business Strategy and Innovation".



Bad actor uses a wide array of phishing attacks

This attacker has been involved in numerous phishing schemes since July 2018. When using VirusTotal to get a list of known URLs related to the searchurl.bid domain, you can see numerous phishing form submission pages.


[Image: Phishing form submission pages]

Some of these pages are now dead, but others are still live and display phishing forms for Google accounts, Windows accounts, DocuSign, and more.



Even though these web page addresses do not look legitimate, many people in a rush may not pay attention and simply enter their info. For this reason, it is always important to properly educate users on how to spot and avoid phishing scams.

source
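The pattern described in this post, a form served from a trusted gateway host that submits its fields to an unrelated domain, can be checked mechanically on the defender's side. The following is an added example, not part of the original post or its source article; the gateway hostname, CID, form markup and path are constructed placeholders, and exact-hostname comparison is a simplifying assumption.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

SENSITIVE_TYPES = {"email", "tel", "password"}
SENSITIVE_NAMES = ("email", "phone", "pass", "user", "login")

class FormAudit(HTMLParser):
    """Record every <form> with its action and the inputs inside it."""
    def __init__(self):
        super().__init__()
        self.forms, self._open = [], None

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self._open = {"action": a.get("action") or "", "fields": []}
            self.forms.append(self._open)
        elif tag == "input" and self._open is not None:
            field = ((a.get("type") or "text").lower(), (a.get("name") or "").lower())
            self._open["fields"].append(field)

    def handle_endtag(self, tag):
        if tag == "form":
            self._open = None

def offsite_credential_forms(page_url, html):
    """Return (receiving_host, fields) for forms sending sensitive input off-host."""
    page_host = urlsplit(page_url).hostname
    audit = FormAudit()
    audit.feed(html)
    hits = []
    for form in audit.forms:
        # A relative or empty action resolves to the serving host itself.
        target = urlsplit(urljoin(page_url, form["action"])).hostname
        fields = [n or t for t, n in form["fields"]
                  if t in SENSITIVE_TYPES or any(k in n for k in SENSITIVE_NAMES)]
        # Assumption: exact hostname comparison; sibling subdomains also flag.
        if fields and target and target != page_host:
            hits.append((target, fields))
    return hits

# Constructed sample: gateway host, CID and markup are placeholders.
PAGE_URL = "https://ipfs-gateway.example/ipfs/CONSTRUCTED_CID/"
SAMPLE_HTML = """
<form method="post" action="https://searchurl.bid/constructed-path">
  <input type="email" name="email"><input type="tel" name="phone">
</form>
<form action="/search"><input type="text" name="q"></form>
"""

print(offsite_credential_forms(PAGE_URL, SAMPLE_HTML))
```

A valid certificate on the serving host says nothing about where the form data goes, which is why the check compares the form's destination host with the host that delivered the page.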