From QR Code to Compromise: The Growing Threat of “Quishing”


Cybersecurity firm Sophos today released the results of Sophos X-Ops research on a new type of threat, quishing.

This new attack vector involves the use of fraudulent QR codes, emailed by threat actors, to bypass the phishing security measures put in place by companies.

This fraudulent QR code, embedded in a PDF document attached to an email, takes the form of a message about payroll, employee benefits, or other forms of official paperwork a business might send to an employee. Because QR codes are not readable by computers, the employee must scan the QR code using their mobile phone. The QR code links to a phishing page, which the employee may not recognize as malicious since phones are usually less protected than computers.

The goal of the attackers is to capture employees’ passwords and their multi-factor authentication (MFA) tokens in order to access a company’s system by bypassing the security measures in place.

“We spent a considerable amount of time sifting through all the spam samples we had to find examples of quishing,” comments Andrew Brandt, principal researcher at Sophos X-Ops. “Our research has revealed that attacks that exploit this specific threat vector are intensifying, both in terms of volume and sophistication, especially when it comes to the appearance of the PDF document.”

In addition to social engineering tactics, the quality of emails, attachments and QR code graphics, these quishing attacks seem to be growing in terms of organization as well. Indeed, some malicious actors now offer as-a-service tools to run phishing campaigns using fraudulent QR codes. In addition to features such as CAPTCHA bypasses or the generation of IP address proxies to bypass automated threat detection, these criminal organizations provide a sophisticated phishing platform that can capture the credentials or MFA tokens of targeted individuals.

To encourage organizations to better protect systems against this type of attack, Sophos X-Ops shares a list of recommendations, including being vigilant about internal emails about HR topics, salaries or company benefits.

Sophos is also urging organisations to monitor risky sign-ins using identity management tools; to enable conditional access, a feature that helps enforce access controls based on the user’s location, device status and risk; to enable effective access monitoring thanks to sophisticated logs; and to implement email filtering.

Organisations should also leverage on-demand email retrieval, encourage employees to be vigilant and report incidents, and revoke suspicious user sessions.

Despite the continuous development of new attack vectors, Sophos says organizations can protect themselves from compromised systems by equipping themselves with the right tools, fostering a culture and work environment, and surrounding themselves with security vendors that, like Sophos.


By Staff Writer
