Attacks via QR codes: here are the tips from Cisco Talos

How many times have we used a QR code to sign up for a newsletter, to check a cinema's programme or simply to open a restaurant menu?

Since the start of the pandemic, the opportunities for using QR codes have multiplied, because they make it possible to obtain information without any physical contact. It is precisely because of this spread that cyber criminals have found an additional, effective and very fearsome tool for launching their attacks.

According to the latest quarterly report from Cisco Talos, the world's largest private intelligence organization dedicated to cybersecurity, there has been a significant increase in phishing attacks via QR code scanning. Cisco Talos had to manage a phishing campaign that tricked victims into scanning malicious QR codes embedded in emails, leading to the unknowing execution of malware.

Another type of attack is the sending of spear-phishing emails to an individual or an organization, containing QR codes that point to fake Microsoft Office 365 login pages in order to steal the user's login credentials. It is more important than ever to underline that QR code attacks are particularly dangerous, since they use the victim's mobile device, which very often has less protection, as the attack vector.

How do QR code attacks work?

A traditional phishing attack involves the victim opening a link or attachment so that they land on a page controlled by the attacker. These messages are usually aimed at people who are familiar with email and who routinely open attachments or click on links. In a QR code attack, the attacker inserts the code into the body of the email so that it is scanned with an application or with the camera of the mobile device. Once the victim follows the malicious link, either a login page specifically built to steal credentials opens, or an attachment that installs malware on the device.

Why are they so dangerous?

Many business computers and devices come with built-in security tools designed to detect phishing and prevent users from opening malicious links. However, when a user uses a personal device, these defense tools are no longer effective. This is because corporate security and monitoring systems have less control and visibility over personal devices. Additionally, not all email security solutions can detect malicious QR codes.

But there's more. With the rise of remote working, more and more employees are accessing company information through mobile devices. According to the recent Not (Cyber) Safe for Work 2023 report, a quantitative survey conducted by the cybersecurity company Agency, 97% of respondents access work accounts using personal devices.

How to defend yourself 

Here is some advice from Cisco Talos for defending against QR code-based phishing attacks:

  • Deploy a mobile device management (MDM) platform or mobile security tool such as Cisco Umbrella on all unmanaged mobile devices that have access to corporate information. Cisco Umbrella DNS-level security is available for Android and iOS personal devices.
  • A security solution developed specifically for email, such as Cisco Secure Email, can detect these types of attacks. Cisco Secure Email recently added new QR code detection capabilities, where URLs are extracted and analyzed like any other URL included in an email.
  • User training is key to preventing QR code-based phishing attacks. Companies need to ensure all employees are educated about the dangers of phishing attacks and the growing use of QR codes:
    • Malicious QR codes often use a poor-quality image or may appear slightly blurry.
    • QR code scanners often provide a preview of the link the code points to. It is very important to pay attention to it and only visit trustworthy web pages with recognizable URLs.
    • Phishing emails often contain typos or grammatical errors.
  • Using multi-factor authentication tools, such as Cisco Duo, can prevent the theft of credentials, which are often the point of entry into enterprise systems.
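
The advice above about analyzing the URL extracted from a QR code, and about checking the scanner's link preview, can be sketched as follows. This is an added example, not code from Cisco Talos or any Cisco product; it assumes the QR image has already been decoded to a string, and the trusted-host list, brand tokens, reason labels and sample payloads are constructed for illustration.

```python
import ipaddress
from urllib.parse import urlsplit

# Assumption: hosts where this organisation's users legitimately sign in.
TRUSTED_LOGIN_HOSTS = {"login.microsoftonline.com"}
# Assumption: brand words whose presence in an untrusted host is suspicious.
BRAND_TOKENS = ("microsoft", "office365", "outlook")


def is_ip_literal(host: str) -> bool:
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def assess_qr_url(payload: str) -> list[str]:
    """Return reasons to distrust a decoded QR payload; an empty list means none."""
    try:
        url = urlsplit(payload.strip())
    except ValueError:
        return ["unparseable"]
    host = (url.hostname or "").lower().rstrip(".")
    if not host:
        return ["no-host"]
    reasons = []
    if url.scheme != "https":
        reasons.append("not-https")
    if url.username is not None:
        # "familiar-name@other-host" shows a trusted name before the real host.
        reasons.append("userinfo-in-url")
    if is_ip_literal(host):
        reasons.append("ip-literal-host")
    if any(label.startswith("xn--") for label in host.split(".")):
        reasons.append("punycode-host")
    if host not in TRUSTED_LOGIN_HOSTS and any(t in host for t in BRAND_TOKENS):
        reasons.append("brand-lookalike")
    return reasons


# Constructed sample payloads, as a scanner or mail gateway would decode them.
SAMPLES = [
    "https://login.microsoftonline.com/common/oauth2/v2.0/authorize",
    "http://office365-login.example/signin",
    "https://login.microsoftonline.com@203.0.113.7/owa",
    "https://xn--e1afmkfd.example/login",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, "->", assess_qr_url(sample) or "no findings")
```

An empty result only means none of these checks fired; it does not establish that the destination is safe.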

BlogInnovazione.it
