C-level executives and others in managerial positions are by far the top targets of increasingly popular phishing attacks that involve malicious QR codes.
Bad actors know that if they can get into the email of a highly placed executive, it opens up all sorts of pathways to a company's systems and data, Callie Hinman Baron, content marketing manager for the email security vendor Abnormal Security, wrote in a blog post this week.
If a hacker can compromise an executive's account, they can send fake requests to people inside and outside of the company who will see the name of the executive sending the email and likely open it and complete the request without question.
The focus on quishing and executives is part of Abnormal Security's H1 2024 Email Threat Report.
In quishing campaigns, hackers often email a malicious QR code that links to what seems like a legitimate website, frequently a look-alike Microsoft or Google login page, complete with a prompt to enter login credentials or similar sensitive information.
The attacker can then use the information to compromise the email account and launch more attacks.
QR codes have been around since the early 1990s and threat groups have been using fraudulent QR codes in their scams for several years.
The use of QR codes picked up steam during the COVID-19 pandemic, with businesses using them for everything from restaurant menus to contactless payment systems in hopes of slowing the spread of the virus, which made people more comfortable using them.
Attackers also know that using QR codes may help them slip past the message employees constantly hear in cybersecurity awareness training: avoid clicking on links in emails you weren't expecting to receive.
Replacing hyperlinks in phishing attacks with QR codes makes it more likely the phishing message will get past legacy email security solutions, in large part because the emails contain minimal content and no obvious URL, so the signals that security tools typically pick out and analyze to detect an attack simply aren't there.
In a report late last year, SlashNext researchers noted that security experts had seen a 50% jump in QR code-based phishing attempts in the previous months.
The FBI said in an advisory last year that it had begun seeing more reports of people who were victimized by fraudulent QR code-based attacks.
Cybersecurity firm Hoxhunt in October 2023 reported that QR codes were used in 22% of the phishing campaigns it detected in the first weeks of the month.
Abnormal researchers found that 89.3% of QR code attacks they detect are aiming to steal credentials, such as usernames and passwords.
One such lure, which accounted for about 27% of all quishing attacks, used fake notices related to multifactor authentication.
The other, seen in about 21% of attacks, involved sending fraudulent notifications of a shared document.
In the report, Abnormal showed common ways such attacks occurred using Microsoft and DocuSign as lures.
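A gateway-side triage heuristic built from the signal gap described above (sparse body, no visible URL, an image that carries the code, an MFA or shared-document theme) so that only candidate messages are sent on for QR decoding. This is an added example, not code from Abnormal Security or its report; the keyword list, thresholds, addresses and sample messages are my own constructions.

```python
import re
from email.message import EmailMessage

# Signals from the article: a QR lure carries almost no text and no visible URL,
# and rides on an MFA-notice or shared-document theme. Keyword list is constructed.
URL_RE = re.compile(r"https?://|www\.", re.IGNORECASE)
LURE_RE = re.compile(
    r"multi-?factor|\bmfa\b|authenticat|shared (a )?(document|file)|docusign|"
    r"sign[- ]?in|password",
    re.IGNORECASE,
)

def build_message(subject, body, attach_image=False):
    """Build a constructed sample message (hypothetical addresses, not real mail)."""
    msg = EmailMessage()
    msg["From"] = "it-support@example.test"
    msg["To"] = "ceo@example.test"
    msg["Subject"] = subject
    msg.set_content(body)
    if attach_image:
        # Placeholder PNG header standing in for a rendered QR image.
        msg.add_attachment(b"\x89PNG\r\n\x1a\n" + b"\x00" * 16,
                           maintype="image", subtype="png", filename="qr.png")
    return msg

def quishing_features(msg):
    """Extract the features a gateway can score before decoding any image."""
    text, images = "", 0
    for part in msg.walk():
        if part.get_content_type() in ("text/plain", "text/html"):
            text += part.get_content()
        elif part.get_content_maintype() == "image":
            images += 1
    return {
        "image_attachments": images,
        "body_words": len(text.split()),
        "has_url": bool(URL_RE.search(text)),
        "lure_theme": bool(LURE_RE.search(str(msg["Subject"] or "") + " " + text)),
    }

def is_quishing_candidate(msg, max_words=60):
    """True when the message fits the sparse-body, image-only, lure-themed profile."""
    f = quishing_features(msg)
    return (f["image_attachments"] > 0 and not f["has_url"]
            and f["body_words"] <= max_words and f["lure_theme"])

if __name__ == "__main__":
    lure = build_message("Action required: MFA enrollment expires today",
                         "Scan the QR code below with your phone to re-authenticate.",
                         attach_image=True)
    print(is_quishing_candidate(lure))  # True
```

Messages flagged here are the ones worth handing to an actual QR decoder and URL reputation check; the heuristic itself never follows the code.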
Construction and engineering firms and professional service providers were the most popular targets of quishing campaigns, being up to 19.2 and 18.5 times, respectively, more likely to see such attacks than organizations in other industries.
Getting into the accounts of professional service providers means access to confidential information that can be sold, ransomed, or used in other attacks, the report's authors wrote.
Abnormal also found that smaller companies - those with 500 or fewer mailboxes - experience 19 times more quishing attacks than others.
This Cyber News was published on securityboulevard.com. Publication date: Fri, 09 Feb 2024 17:43:06 +0000