It has always been insisted that technology is neutral and, therefore, can be used for or against. Quishing is an excellent example.
Or can we think of something more innocent and useful than QR codes? Well, they’re not so harmless after all.
Part of the success of cybercriminals depends on permanent innovation. Also taking advantage of everyday technologies or making them malicious.
The most recent transmutation of this type is the one you are experiencing with the QR code and malicious or quishing attacks.
Harmony Email researchers have discovered a new campaign, in which the QR code It is not in an image, but is created using HTML and ASCII characters.
At the end of May, more than 600 emails that followed this pattern were detected. The first major quishing attack was then documented.
These attacks differ from those of traditional phishing in the way the link is formatted in an email.
Instead of a text-based link, the malicious website is flagged using a QR code. When a user scans the QR code, their device can extract the indicated link and take the user to that URL.
From there, they started with Standard MFA authentication requests and later, they evolved into routing attacks and custom objectives.
Now, there is a new trend towards QR code manipulation.
Cybercriminals are inserting small pieces of code into the HTML. At first glance, in an email, this might look like a standard QR code, but for an OCR, no relevant information is detected.
Evolution of quishing
All forms of attacks evolve and QR code phishing is no different. However, it is unique that the evolution has occurred so quickly.
1.- Started with standard MFA verification codes; They were fairly simple and asked users to scan a code, either to reset MFA or even to view financial data.
2.- The second variant, QR Code Phishing 2.0, were routing attacks. The link looks for where the user is interacting with it and adjusts.
If the Internet user is on a Mac, a link appears, if on the contrary they have a android phoneanother appears.
Personalized QR code campaigns have also been detected, in which cybercriminals enter the company logo and the correct username dynamically.
3.- Now, we are looking at the QR Code 3.0, which is the text-based representation of one. This makes it extremely difficult for OCR systems to see and detect it.
How to protect yourself from these attacks?
To protect against these threats, companies and security professionals should take the following measures:
- Implement security that automatically decodes QR codes embedded in emails and scans URLs for malicious content.
- Use security that rewrites the QR code embedded in the body of the email and replaces it with a secure, rewritten link.
- Implement security that uses advanced AI to look for multiple phishing indicators.
Check Point Harmony Email and Collaboration offers robust anti-phishing protectionincluding quishing attacks.
