Surge of QR Code Attacks in Social Engineering Scams

Unmasking QR Code Threats and Fortifying Multi-Layered Defenses

NEWS  Security  January 26, 2024  Reading time: 3 Minute(s)

Max (RS editor)

---

Check Point Software Technologies, a renowned cybersecurity solutions provider, has recently shed light on a concerning trend—QR code attacks. These attacks involve the exploitation of QR codes to redirect unsuspecting users to credential harvesting pages, with the redirection chain dynamically adapting based on the user's device. The ultimate objective? Installing malware and pilfering valuable credentials.

Check Point's Live Cyber Threat Map has been diligently monitoring this alarming phenomenon, identifying a staggering 20,000 instances of QR code attacks within a mere two-week span. This not only underscores the severity of the issue but also emphasizes the vulnerability of QR codes to cybercriminals.

 

The escalation of QR-code-based phishing attacks has been nothing short of astonishing. Hackread.com reported a jaw-dropping 587% surge in such attacks between August and September 2023. The root cause appears to be the lack of QR code protection in email security solutions, coupled with the widespread use of QR code scanning.

Despite the cybersecurity community's concerted efforts to develop protective measures, threat actors have responded with innovative variations of QR code attacks. Bitdefender, for instance, has observed a rise in YouTube stream-jacking campaigns leveraging deepfake videos for cryptocurrency theft—a cybercrime where criminals exploit livestream pop-ups, QR codes, and malicious links.

Adding to the complexity, SlashNext reported a surge in QR-code-based phishing attacks using techniques such as Quishing and QRLJacking. Quishing involves circulating QR codes with malware download links on various platforms, redirecting users to phishing websites or downloading malware.

The multifaceted nature of QR codes, incorporating layers of obfuscation, including the QR code itself, blind redirects, and anti-reverse engineering payloads, makes them an attractive tool for hackers. This complexity enables them to redirect users to suspicious activities or fake login pages, with conditional redirection based on parameters like browser, device, and screen size. 

 

Check Point Research shared instances where users were prompted to scan QR codes for seemingly innocuous purposes, such as retrieving an annual 401K contribution statement. However, these QR codes had conditional destination points based on various parameters, directing users to different pages. The variation in links displayed to Mac and Android users underscores the deceptive nature of these attacks.

While default security layers might overlook threats if the initial redirect appears clean, a comprehensive security solution is indispensable. This includes robust protection across email, browser, mobile, anti-malware, and post-delivery security layers. Together, these layers collaborate to block suspicious behavior, inspect websites, and decode QR code attacks.

Given the intricate obfuscation layers that QR code attacks employ, security professionals now require advanced tools like AI-based security to effectively decode these threats.

 Implementing multiple layers of protection is not merely a best practice but a necessity in the face of the evolving sophistication of phishing attacks. By adhering to these principles, security professionals can significantly fortify their defenses and shield their systems from the pervasive threat of QR code attacks.

 COVER IMAGE BY FREEPIK | SOURCE: HACKREAD