SecurityBrief New Zealand - Technology news for CISOs & cybersecurity decision-makers
New Zealand
Guides
#
cloud security
#
cybersecurity
#
endpoint protection
#
firewall
#
ransomware
Search
Story image
#
DLP
#
Branding
#
CIOs
Rising trend in 'quishing' attacks targets QR code users
Mon, 13th Nov 2023
Author image
By Shannon Williams, Journalist
Follow us

ReliaQuest has unveiled a new blog underlining rising trends in cyber attacks that target QR code users, a practice dubbed as 'quishing'. An analysis report on their customer incidents shows a 51% spike in this specific type of cyber phishing trend during September 2023, contrasting sharply with the cumulative figures for the preceding months from January to August.

The report goes on to detail that these quishing incidents typically mimic the branding and personas of legitimate technology or banking organisations. An analysis found that over half (56%) of these emails mirror the appearance of requests for Microsoft's two-factor authentication (2FA) resets or enablement in the last 12 months. Consequently, the targets are mistakenly led to enter their Microsoft credentials, hence, leaving them vulnerable to a cyber breach.

Online banking pages were also revealed to be a prime choice for such threats - taking the second position and featuring in 18% of all quishing attacks. The targets in these incidents are duped into submitting their banking details on ostensibly believable sites. This form of cyber crime further diversified its reach by luring unsuspecting victims to open QR codes embedded in PDF or JPEG files attached to the email rather than in its body, which made up 12% of these cases.

Unfortunately, these attempts could easily bypass email filters designed to flag malicious messages, as these filters often rely on scanning clickable elements. This craftily reduces the chances of such messages being flagged, proving a formidable challenge to counter this evolving cyber threat.

While these attacks might sound obscure, QR code phishing has carved its niche in the cyber crime landscape, ReliaQuest says. As the use of QR codes becomes ubiquitous, there's been a simultaneous increase in quishing cases, which is firmly implied by data showing references to quishing on major cybercriminal forums surpassing the total figure of 2022 even before the conclusion of 2023.

According to ReliaQuest, the potential losses from falling prey to a quishing attack vary from serious financial losses resulting from the exfiltration of banking login credentials, issues of malware deployment, operational disruption, and/or data loss. Given the increasing sophistication and the looming threats posed by such attacks, more aggressive, proactive, and versatile defences need to be developed and deployed.

The use of tools like ReliaQuest's GreyMatter Phishing Analyzer (GMPA), a system that can deconstruct and analyse encoded URLs found in QR codes, offers a glimmer of hope. However, to ensure a comprehensive approach against this rising menace, enterprises need to leverage a multi-pronged strategy that includes consistent education and training for staff, phishing simulation exercises, and implementing stringent email inbox rules, and above all, coming up with innovative ways to keep evasive threats like quishing at bay.

Related stories
BeyondTrust lauded as a leader in Identity Threat Detection
Former Google Cloud VP Jeff Reed joins Vectra AI as Chief Product Officer
MotivationWorks upgrades cybersecurity with Radware
Watch out! There are hidden dangers lurking in your PDFs
Mako boosts defence against cyber attacks with Radware's protection services
Top stories
Zscaler introduces enhanced ZDX service for improved IT operations
The importance of cybersecurity training for software developers
HID acknowledged as Leader in Gartner Magic Quadrant for Indoor Location Services
Exclusive: How Darktrace is tackling AI-driven cybersecurity
Record ransomware attacks in March 2024, report finds