Virtualization Technology News and Information
Cyren 2022 Predictions: Watch out for QR code attacks

Industry executives and experts share their predictions for 2022. Read them in this 14th annual series exclusive.

Watch out for QR code attacks

By Magni Sigurðsson, Senior Manager of Detection Technologies at Cyren

Cyber crime has long operated as a dark mirror to the legitimate business world, and threat actors have always been adept at incorporating technological trends into their attacks.

The latest example is the resurgence of the QR code. This often-overlooked technology has been around for decades, but has returned to prominence over the last two years due to the COVID-19 pandemic. The scannable software is well-suited to delivering information in a COVID-safe fashion at set locations, and we have seen an increase in its use online as well.

Unsurprisingly, the cyber criminal community wasted little time taking advantage of this trend, evidenced by the increased number of attacks exploiting QR codes. As the software becomes more mainstream in marketing and sales activity over the next year, we anticipate attacks that utilize the tool to follow suit.

How do QR code attacks work?

In one recent example, attackers targeted customers of a German bank using a phishing email prompting them to update their account information. Instead of the usual URL for a phishing site, the email included a QR code and asked users to scan it with their mobile device.

In another case, the criminals impersonated a FedEx email saying that a delivery was being held until a customs fee was paid. Again, a QR code was provided to be scanned via mobile.

For the most part, these attacks are very similar to the well-worn social engineering scripts we've observed for years, using familiar tactics that create a sense of urgency to rush the victim into providing personal details. However, the addition of QR codes creates two key advantages against both victims and security solutions.

Dodging security scans

The first advantage of a QR code attack is that very few security solutions are designed to deal with it, thanks, in part, to the technology being fairly niche. Most traditional email security technology works by scanning text in the body and attachments of an email for known malicious files and URLs. Using QR codes evades these kinds of checks because the QR code is an image that can only be read using specialized software.

Moving the attack to mobile

QR codes also give attackers an edge because they transfer the attack from the initial endpoint over to a mobile device, which tends to be more vulnerable. In general, mobile devices have fewer security capabilities in place than a desktop. It's also harder for users to spot phishing sites with the reduced view of a mobile display.

Attackers can use QR codes for a number of different mobile-based attacks, including downloading malicious apps that can exfiltrate data, record keystrokes, or send SMS messages to expensive premium numbers owned by the perpetrator.

What's next for QR attacks?

QR code attacks are the latest example of attackers adapting their techniques to mirror popular technology trends, as well as finding new ways to evade security measures.

As QR codes gain in popular use over the next year, we can anticipate more attacks exploiting the medium. We have already seen QR attacks across multiple industries, and threat actors are also likely to begin using these techniques to target businesses as well as individual consumers.

The use of QR codes ties into the wider movement towards mobile attacks, and we anticipate an increased use of SMS phishing as threat actors seek to evade desktop-based security. It's important for organizations to factor this growing trend into their security strategies.

How can QR codes be stopped?

As with other social engineering attacks, individual users should be on the lookout for anything suspicious in all messages they receive. A QR code attack still requires victims to take a few extra actions before it can fully execute, creating multiple opportunities to spot red flags.

Users should take the time to check the URL before they click, as well as look at the email itself. Does the sender ID match the address? Do the message and logos look correct? If there are any doubts, users should stop where they are and contact the apparent sender or their IT and security teams.

Implementing multifactor authentication wherever possible will also make it much harder for attackers to exploit stolen credentials.

However, it's unrealistic to expect individuals to scrutinize every message they receive; it's just as important to reduce the chances of a malicious email reaching them in the first place. There are many ways to detect and classify fraudulent messages, but none of them can detect all threats, all the time. Organizations can better protect their employees from this attack vector by implementing complementary email security technologies. For instance, an email filtering engine can stop malicious QR codes if the messages are sent from known botnets. Post-delivery detection technologies can successfully identify unknown threats containing QR codes by analyzing the email body, subject, sender, and header information for malicious indicators.
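As an added illustration (not Cyren's code or any product's detection logic), the sketch below scores a message on the indicators named above: body, subject and sender. It does not decode the QR image, which would need an image library; the `BRANDS` map, the keyword patterns and the sample message are constructed assumptions.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr

URL_RE = re.compile(r"https?://|www\.", re.I)
SCAN_RE = re.compile(r"\b(scan|qr[ -]?code)\b", re.I)
URGENT_RE = re.compile(r"\b(urgent|immediately|held|suspended)\b", re.I)
# Assumption: illustrative map of brand name -> legitimate sending domain.
BRANDS = {"fedex": "fedex.com"}

# Constructed sample modelled on the delivery lure described in the article.
SAMPLE = """\
From: "FedEx Delivery" <notice@parcel-update.example>
Subject: Your delivery is being held
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain; charset="utf-8"

A customs fee is due. Scan the QR code below with your phone to pay.
--b1
Content-Type: image/png
Content-Transfer-Encoding: base64

iVBORw0KGgo=
--b1--
"""

def qr_phish_indicators(raw):
    """Return a list of indicator strings found in one raw RFC 5322 message."""
    msg = message_from_string(raw, policy=policy.default)
    text, has_image = "", False
    for part in msg.walk():
        ctype = part.get_content_type()
        if ctype.startswith("image/"):
            has_image = True
        elif ctype in ("text/plain", "text/html"):
            text += part.get_content()
    text = f"{msg['Subject'] or ''}\n{text}"
    name, addr = parseaddr(str(msg["From"] or ""))
    domain = addr.rpartition("@")[2].lower()
    hits = []
    # An image plus a scan prompt and no link in the text: a URL scanner sees nothing.
    if has_image and SCAN_RE.search(text) and not URL_RE.search(text):
        hits.append("scan prompt with image and no URL in text")
    if URGENT_RE.search(text):
        hits.append("urgency language")
    for brand, legit in BRANDS.items():  # sender name versus actual address
        if brand in name.lower() and domain != legit and not domain.endswith("." + legit):
            hits.append(f"display name claims {brand} but address domain is {domain}")
    return hits
```
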

Organizations equipped with the knowledge and capability to see through these tricks will be best placed to protect their employees and customers as QR codes become an increasingly widespread part of the attacker arsenal over the next year.



Magni Sigurðsson 

Magni Sigurðsson is the Senior Manager of Detection Technologies at Cyren (NASDAQ:CYRN), an established provider of advanced threat detection and threat intelligence solutions for enterprise, service providers, and cybersecurity solutions vendors. In this role, Magni leads the development and evolution of Cyren's threat detection frameworks to quickly and accurately identify phishing, business email compromise, malware, and spam. Prior to Cyren, Magni was a malware analyst at FRISK Software, producer of one of the first anti-virus engines, which was acquired by Cyren in 2012. He earned a B.S. in Computer Science from the University of Reykjavik.

Published Wednesday, November 17, 2021 7:30 AM by David Marshall