
Innovative QR Code Phishing Scheme Hits U.S. Energy Firm

Security analysts discovered a significant phishing operation that employed malicious QR codes to target multiple entities, including a prominent U.S. energy corporation, in an attempt to gain access to Microsoft credentials.

The utilization of QR codes has gained extensive popularity since the emergence of the COVID-19 pandemic. However, cybercriminals have promptly taken advantage of this trend by initiating schemes that distribute fraudulent QR codes with the intention of illicitly obtaining user data.

Attack campaign details

Since the campaign began in May, its volume has grown by an average of approximately 270% per month. The largest jump, approximately 500%, occurred between May and June, followed by an increase of around 155% from June to July.
  • Notably, there has been a staggering growth of over 2,400% in the usage of QR codes in emails since May.
  • The U.S. energy company received approximately 29% of the more than 1,000 malicious QR code-laden emails sent.
  • The other four most-targeted industries (manufacturing, insurance, technology, and financial services) received 15%, 9%, 7%, and 6% of the campaign's traffic, respectively.
  • While the campaign employed various domains, Bing-redirect URLs made up the largest portion, accounting for 26% of all QR code-related phishing links in the campaign. The Salesforce application URL followed with a share of 15%.

Why use QR codes?

  • The researchers observed that hackers have seldom employed QR codes on such a large scale. However, threat actors might be experimenting with this approach due to its heightened efficiency compared to the conventional links commonly found in phishing emails.
  • QR codes offer a higher likelihood of bypassing email filters, as the phishing link is concealed within the QR image, which is itself embedded within a PNG image or PDF attachment.
  • Furthermore, many mobile devices are not subject to enterprise-level control, which places them beyond the security measures of the corporate environment.
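
As an added example (not code from the researchers or from Cyware), the sketch below shows how a mail filter could triage a link once a QR image has been decoded, flagging the case noted above where a reputable host such as a Bing redirect only forwards the user elsewhere. It assumes an upstream tool has already extracted the QR payload from the PNG or PDF; the function names, the trusted-host list and the sample URLs are all constructed for illustration.

```python
import base64
from urllib.parse import parse_qsl, urlsplit

# Assumption: hosts the mail gateway treats as reputable (the page names Bing redirects).
TRUSTED_HOSTS = ("bing.com",)

def _decode_b64(value):
    """Best-effort base64/base64url decode to text; None if it is not base64 text."""
    value = value.replace(" ", "+")  # parse_qsl turned any '+' into a space
    try:
        return base64.urlsafe_b64decode(value + "=" * (-len(value) % 4)).decode("utf-8")
    except ValueError:  # covers binascii.Error and UnicodeDecodeError
        return None

def embedded_destinations(url):
    """URLs carried in the query string of `url`: plain, %-encoded or base64."""
    found = []
    for _name, value in parse_qsl(urlsplit(url).query):
        for candidate in (value, _decode_b64(value)):
            if candidate and candidate.lower().startswith(("http://", "https://")):
                found.append(candidate)
    return found

def _host(url):
    return (urlsplit(url).hostname or "").lower()

def triage_qr_payload(payload):
    """Classify one string decoded from a QR image found in an email."""
    payload = payload.strip()
    try:
        if urlsplit(payload).scheme not in ("http", "https"):
            return {"verdict": "not-a-web-link", "hosts": []}
        host = _host(payload)
        onward = [h for h in map(_host, embedded_destinations(payload)) if h and h != host]
    except ValueError:  # malformed URL, e.g. unbalanced IPv6 brackets
        return {"verdict": "malformed", "hosts": []}
    trusted = any(host == t or host.endswith("." + t) for t in TRUSTED_HOSTS)
    if trusted and onward:
        # The visible host's reputation says nothing about where the user lands.
        return {"verdict": "trusted-host-redirect", "hosts": onward}
    return {"verdict": "direct-link", "hosts": [host]}

# Constructed payloads: invented query layout and hosts, not URLs from the campaign.
_DEST = "https://login.phish.example/o365"
SAMPLES = [
    "https://www.bing.com/r?u=" + base64.urlsafe_b64encode(_DEST.encode()).decode().rstrip("="),
    "https://www.bing.com/search?q=quarterly+report",
    _DEST,
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(triage_qr_payload(s))
```

A filter would score the onward hosts returned for a `trusted-host-redirect` verdict rather than the host visible in the QR payload.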

The bottom line

The surge in the usage of QR codes for phishing campaigns underscores the evolving tactics of cybercriminals to exploit emerging trends. To counter this growing threat, organizations should consider bolstering their security protocols by implementing advanced email filtering solutions capable of detecting embedded QR codes and providing targeted user awareness training. These measures, combined with proactive monitoring and swift incident response, can help mitigate the risks posed by such innovative phishing tactics.
Cyware Publisher
