Hackers Utilize QR Codes in Novel 'Quishing' Cyber Assaults
In a recent report titled "Threat Spotlight: Split and nested QR codes fuel new generation of 'Quishing' attacks," published on August 20, security researchers at Barracuda Networks have revealed two novel QR code phishing techniques: QR code splitting and QR code nesting. These techniques are being used by operators of Phishing-as-a-Service (PhaaS) kits to help malicious QR codes evade detection.
When traditional email security solutions scan a message, they see two distinct and benign-looking images instead of one complete QR code. This is where QR code splitting comes into play. The malicious QR code is split into two separate images and embedded in a phishing email. In the HTML visual of the email, the QR code comprises two different images.
The operators of PhaaS, such as Gabagool and Tycoon, have been found using these unreported techniques. The complete QR code, when scanned by the recipient, directs the user to a phishing page designed to steal sensitive information, such as Microsoft login credentials.
In some instances, the malicious QR code is embedded within or around a legitimate QR code. This technique can make it harder for scanners to detect the threat due to ambiguous results, according to Barracuda researchers.
To combat these emerging quishing attacks, the report recommends a defense-in-depth approach to email security. Beyond foundational measures like security awareness training, multi-factor authentication (MFA), and advanced spam and malware filtering, the report suggests adopting multi-layered email protection.
This multi-layered email protection is powered by multimodal AI to counter fast-evolving threats. The AI-driven approach strengthens detection by visually scanning attachment images to identify embedded QR codes. It also safely executes suspicious links in isolated sandbox environments to observe real-time malicious activity.
Moreover, the approach leverages machine learning to scrutinize QR code structures and pixel anomalies, even without extracting the embedded data. It also decodes QR payloads and analyzes linked URLs or malicious content.
The report was authored by Rohit Suresh Kanase. For more details, you can refer to the full report "Threat Spotlight: Split and nested QR codes fuel new generation of 'Quishing' attacks," published on August 20. Stay vigilant and secure, and remember to always scrutinise any QR codes you encounter before scanning them.
