The HIPAA Journal is the leading provider of HIPAA training, news, regulatory updates, and independent compliance advice.

QR Codes Increasingly Used in Phishing Attacks

Malware phishing attacks, where phishing emails are used to trick end users into downloading and executing malicious code, have been an effective way of gaining access to internal networks for many years. Malware phishing is the initial infection vector in a large number of cyberattacks, many of which end with ransomware being deployed. The tactics, techniques, and procedures (TTPs) used by threat actors in phishing attacks are constantly changing, and a new trend has emerged where QR (quick response) codes are used for malware phishing. According to Hoxhunt, 22% of phishing attacks in October 2023 used QR codes.

QR codes are machine-readable images that consist of a matrix that encodes information. The codes were invented by a Japanese automobile manufacturing company in 1994 as a way of connecting the digital and physical worlds. They were initially used to track vehicle parts during manufacturing processes; however, the use of QR codes has grown considerably thanks to the widespread use of smartphones.

QR codes are commonly used to direct users to websites. A mobile phone camera can be used to scan a QR code to obtain a URL, which can be visited with a single click. QR codes can be static or dynamic. Static QR codes are used to provide information that doesn’t change, such as a URL or contact information, whereas dynamic QR codes direct the user to a URL that points to a server where the information is stored, allowing the content to be easily updated. QR codes may be printed and used in advertising or can be sent via email or other communication channels.

Quishing (QR code phishing) attacks may see QR codes distributed via email, social media platforms, or instant messaging services, or the codes could be printed. The malicious QR codes are generated for a website that is used for harvesting credentials or downloading malware. These attacks provide a false context for using the code, similar to standard phishing attacks. This could be a special offer, prize draw, or security alert. Attacks have also been conducted that exploit the “login with QR code” feature used by many apps and websites – termed QRLJacking – and are capable of hijacking sessions in all applications that rely on the “Login with QR code” feature as a secure way to log in to accounts.

The increasing use of QR codes in phishing has prompted the Health Sector Cybersecurity Coordination Center (HC3) to release a white paper on QR-based phishing, which is considered to pose a threat to the healthcare and public health (HPH) sector. As is the case with defending against other forms of phishing, a defense-in-depth approach is recommended. Email security solutions such as spam filters or secure email gateways should be used to filter out unwanted emails. HC3 also stresses the importance of conducting security awareness training and updating training courses to include QR-based phishing to warn users about the risks of QR codes. Multifactor authentication, ideally phishing-resistant MFA, should be implemented to prevent stolen credentials from being used to access accounts. Endpoint security software should be deployed to protect against malware delivery.

Author: Steve Alder is the editor-in-chief of The HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com
