Email attacks relying on QR codes surged in the last quarter, with attackers specifically targeting corporate executives and managers, reinforcing recommendations that companies place additional digital protections around their business leadership.
Making matters worse, phishing emails using QR codes often slip past spam filters: attacks targeting users of Microsoft 365 and DocuSign successfully landed in email inboxes, according to a report published this week by Abnormal Security, a provider of cloud email security.
In the fourth quarter of 2023, the average top executive in the C-suite saw 42 times more phishing attacks using QR codes compared to the average employee.
Other managerial roles suffered an increase in attacks as well, although significantly smaller, with these non-C-suite executives encountering five times more QR-code-based phishing attacks, according to the company's report.
Overall, the data demonstrates that attackers have executives - and other privileged users - in their sights, says Mike Britton, CISO for Abnormal Security.
While QR codes have been around for three decades, they became much more popular during the pandemic, as restaurants and other businesses directed customers to contact-free and online ordering.
In a business context, a top use case for QR codes is offering links to ease the sign-up process for multifactor authentication.
Cyberattackers have followed suit: more than a quarter of QR code attacks in Q4 were fake MFA notices, for example, while about one in five were fake notifications about a shared document, according to Abnormal Security's report.
Because attackers hide their phishing link in an image, QR code phishing bypasses user suspicions and some email security products.
Malicious QR codes can be placed in physical spaces using a simple sticker, bypassing digital security altogether.
Another Way to Steal Execs' Credentials

For the most part, quishing attackers who focus on executives are after the credentials - usernames and passwords - of privileged users.
Credential phishing is the most popular form of email attack, accounting for 73% of all email attacks and 84% of attacks using a QR code, and it often leads to more significant compromises, says Abnormal Security's Britton.
One common way to abuse stolen mail credentials, Britton says, is for the attacker to create a blind-carbon-copy rule that quietly forwards every incoming message to an attacker-controlled account.
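Forwarding rules of the kind described above leave a trace in Exchange Online audit logging, which is where a defender should look after a suspected credential compromise. The following is an added example, not code from the article or from Abnormal Security: a small Python scanner over Microsoft 365 unified audit log records (one JSON object per line) that flags inbox rules, transport rules and mailbox settings which send mail to an address outside the organisation, and notes when the rule also deletes or marks messages read to hide the activity. The cmdlet-to-parameter mapping, the domain list (example.com), and the four log records are assumptions constructed for the example; check the mapping against the audit schema your tenant actually emits.

```python
import json
import re

# Cmdlets (the audit record's "Operation") and the parameters that make mail leave the mailbox.
# Assumed mapping for illustration; verify against your tenant's audit schema.
FORWARDING_PARAMS = {
    "New-InboxRule": {"ForwardTo", "ForwardAsAttachmentTo", "RedirectTo"},
    "Set-InboxRule": {"ForwardTo", "ForwardAsAttachmentTo", "RedirectTo"},
    "New-TransportRule": {"BlindCopyTo", "RedirectMessageTo", "CopyTo"},
    "Set-TransportRule": {"BlindCopyTo", "RedirectMessageTo", "CopyTo"},
    "Set-Mailbox": {"ForwardingSmtpAddress", "ForwardingAddress"},
}
# Parameters an attacker combines with forwarding so the mailbox owner never sees the traffic.
HIDING_PARAMS = {"DeleteMessage", "MarkAsRead"}
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")

# Assumed organisation domains; anything else is treated as external.
INTERNAL_DOMAINS = {"example.com"}


def parse_params(record):
    """Flatten the audit record's Parameters list into a {Name: Value} dict."""
    return {p.get("Name"): str(p.get("Value", "")) for p in record.get("Parameters", [])}


def external_addresses(value, internal_domains):
    """Pull every SMTP address out of a parameter value and keep those outside the org."""
    found = {a.lower() for a in EMAIL_RE.findall(value)}
    return sorted(a for a in found if a.rsplit("@", 1)[1] not in internal_domains)


def is_truthy(value):
    return str(value).strip().lower() in {"true", "$true", "1"}


def inspect_record(record, internal_domains):
    """Return a finding dict if this record sets up external forwarding, else None."""
    op = record.get("Operation")
    watched = FORWARDING_PARAMS.get(op)
    if not watched:
        return None
    params = parse_params(record)
    targets = set()
    for name in watched:
        if name in params:
            targets.update(external_addresses(params[name], internal_domains))
    if not targets:
        return None
    return {
        "time": record.get("CreationTime"),
        "user": record.get("UserId"),
        "operation": op,
        "rule": params.get("Name") or params.get("Identity"),
        "external_targets": sorted(targets),
        "hides_activity": any(is_truthy(params.get(h, "")) for h in HIDING_PARAMS),
    }


def scan_audit_log(lines, internal_domains):
    """Scan JSON-lines audit records and collect every external-forwarding finding."""
    findings = []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        finding = inspect_record(json.loads(line), internal_domains)
        if finding:
            findings.append(finding)
    return findings


# Constructed sample records: a hidden inbox rule on an executive mailbox, a benign
# folder rule, an internal forward set by an admin, and a transport-rule BCC to an outside domain.
SAMPLE_LOG = """
{"CreationTime":"2024-02-06T03:12:41","Operation":"New-InboxRule","UserId":"cfo@example.com","Parameters":[{"Name":"Name","Value":"."},{"Name":"ForwardTo","Value":"archive.cfo@mail-example.net"},{"Name":"DeleteMessage","Value":"True"}]}
{"CreationTime":"2024-02-06T09:00:05","Operation":"New-InboxRule","UserId":"pat@example.com","Parameters":[{"Name":"Name","Value":"Newsletters"},{"Name":"MoveToFolder","Value":"Newsletters"}]}
{"CreationTime":"2024-02-06T10:30:00","Operation":"Set-Mailbox","UserId":"admin@example.com","Parameters":[{"Name":"Identity","Value":"cfo@example.com"},{"Name":"ForwardingSmtpAddress","Value":"smtp:assistant@example.com"}]}
{"CreationTime":"2024-02-07T01:45:12","Operation":"New-TransportRule","UserId":"admin@example.com","Parameters":[{"Name":"Name","Value":"Compliance copy"},{"Name":"BlindCopyTo","Value":"collector@example.org"}]}
"""


def demo():
    """Run the scanner over the constructed sample; two of the four records should be flagged."""
    return scan_audit_log(SAMPLE_LOG.splitlines(), INTERNAL_DOMAINS)


if __name__ == "__main__":
    for f in demo():
        print(json.dumps(f))
```

A rule named "." with DeleteMessage set, as in the first sample record, is the classic business-email-compromise pattern: a one-character name is easy to overlook in the Outlook rules list, and deleting the forwarded messages keeps the owner from noticing the leak. Run the same check over mailbox-level forwarding (Set-Mailbox) as well as inbox and transport rules, because an attacker with admin rights can forward mail without touching the victim's rules at all.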
Thwarting Quishing Takes Technology & Training the Human

The good news is that, since October, QR-code phishing has subsided to a large degree, after peaking at 22% of phishing attacks, according to human-risk management firm Hoxhunt.
Even if quishing subsides, it will remain a tool for attackers, much in the way that shortened URLs and image spam continue to be used in cyberattacks.
The best way to protect users is to train them, Gellin says.
About 5% of users respond to a phishing attack within the first few minutes, suggesting that a well-trained pool of employees can help blunt an attack.
Training is important, but because a single failure can have a significant impact, technical controls are necessary, says Abnormal Security's Britton.
This Cyber News was published on www.darkreading.com. Publication date: Thu, 08 Feb 2024 21:05:10 +0000