...
Due to the recent uptick in phishing attacks that use QR codes and InterPlanetary File System (IPFS) based domains, our partners at Lookout have recently made updates to improve the way our combined phishing and content protection (PCP) solution detects these attacks. Research and analysis by the Lookout team found that most of the QR code attacks were linked with IPFS-based domains. As a proactive measure, Lookout reclassified the top 70 IPFS gateway domains in the PCP system that powers our Mobile Threat Defense solution. These domains were not previously considered to be phishing or malicious content, but will now be classified as "Peer-to-Peer." Some IPFS gateways contain a large amount of phishing content and are automatically marked as phishing by Lookout's systems, while others host a mix of malicious and non-malicious content and will now be categorized as "Peer-to-Peer" content.

IPFS domains can be used to share any sort of data in a decentralized manner and have increasingly been used for hosting phishing-related content. While not all data on IPFS gateways is malicious, a proactive step organizations can take to keep these phishing attacks from reaching their users is to block this category of content (classified as "Peer-to-Peer") in their environments.
Organizations can use the unauthorized content protection policies in their Workspace ONE Mobile Threat Defense console to block all Peer-to-Peer websites at this time, using the steps and screenshots below. Our partners at Lookout are actively keeping an eye on the situation and will take further actions as needed.

Steps to enable the blocking of unauthorized content in the Peer-to-Peer category:

1. Log into the Workspace ONE Mobile Threat Defense console as an administrator.
2. Navigate to the Protections page using the left-hand navigation menu.
3. If you do not want to block this for the default device policy group, select the device policy group where you would like Peer-to-Peer sites blocked.
4. Using the policy search bar, filter the policies using the Web and Content option, and open the Unauthorized Content policy configuration by selecting the gear symbol to the right of the Risk Level selector.
5. In the Configure Unauthorized Content Protection window, scroll down to the Web-based Communication Content section, select the checkbox to the left of Peer-to-Peer, and select Save change at the bottom right of the window.
6. Ensure the Response action on the Unauthorized Content policy is set to Block and alert device. If necessary, update the setting and select Save at the bottom right.
7. Repeat these steps in all device policy groups where you would like to block all Peer-to-Peer categorized sites.
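Before enabling the block, it helps to see how much existing traffic already goes to IPFS gateways. The following is an added example, not code from VMware or Lookout: it flags URLs by the two common IPFS gateway URL shapes rather than by Lookout's gateway list, which this page does not publish, and every hostname and CID in it is constructed.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# CIDv0 is base58btc ("Qm" + 44 chars); CIDv1 is usually base32 ("b" + a-z2-7).
CID_V0 = re.compile(r"Qm[1-9A-HJ-NP-Za-km-z]{44}")
CID_V1 = re.compile(r"b[a-z2-7]{50,62}")

def ipfs_gateway_hit(url):
    """Return (gateway_host, style) if the URL has an IPFS gateway shape, else None."""
    parts = urlsplit(url)
    labels = (parts.hostname or "").lower().split(".")
    # Subdomain style: <cidv1>.ipfs.<gateway host>/...
    if len(labels) >= 3 and labels[1] == "ipfs" and CID_V1.fullmatch(labels[0]):
        return ".".join(labels[2:]), "subdomain"
    # Path style: <gateway host>/ipfs/<cid>/...
    segments = parts.path.split("/")
    if len(segments) >= 3 and segments[1] == "ipfs":
        cid = segments[2]
        if CID_V0.fullmatch(cid) or CID_V1.fullmatch(cid):
            return ".".join(labels), "path"
    return None

def summarize(urls):
    """Count IPFS-gateway-shaped URLs per (gateway host, style)."""
    hits = (ipfs_gateway_hit(u) for u in urls)
    return Counter(h for h in hits if h is not None)

# Constructed sample data: placeholder CIDs and example hostnames only.
SAMPLE_CID_V0 = "Qm" + "A" * 44
SAMPLE_CID_V1 = "bafybei" + "a" * 52
SAMPLE_URLS = [
    f"https://gateway.example/ipfs/{SAMPLE_CID_V0}/login.html",
    f"https://{SAMPLE_CID_V1}.ipfs.p2p-gw.example/",
    f"https://gateway.example/ipfs/{SAMPLE_CID_V1}",
    "https://intranet.example/docs/ipfs/overview",   # mentions ipfs, not a gateway URL
    "https://ipfs.vendor.example/pricing",           # no CID label or path
]

if __name__ == "__main__":
    for (host, style), count in sorted(summarize(SAMPLE_URLS).items()):
        print(f"{host}\t{style}\t{count}")
```

Run it over URLs exported from proxy or DNS logs to list the gateway hosts users currently reach, which shows what the Peer-to-Peer block would affect.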