Quishing: QR codes are turning into the perfect weapon of deception

Cisco Talos on why spam filters are powerless against a new threat.

Prior to 1994, most scanning technologies used one-dimensional barcodes, which could store only up to 80 alphanumeric characters. Denso Wave created the first QR codes, increasing the capacity to 7000 numeric or 4300 alphanumeric characters.

A study by Cisco Talos showed that spam filters are almost powerless against malicious QR codes, since they are not able to recognize their presence in images. Statistics show that although QR codes are found in only one in 500 emails, a shocking 60% of them contain spam or malware.

This new type of fraud is still very young. It is called "quishing". Attackers create fake websites that imitate legitimate resources and place QR codes in public places. For example, there have been cases when someone pasted QR stickers on parking meters, redirecting victims to fake payment systems.

Emails with QR codes masquerading as two-factor authentication requests are the most common trick. Scammers use them to steal credentials. When a QR code is scanned from a mobile device, all subsequent traffic between the victim and the attacker passes through the cellular network, bypassing corporate security systems.

Despite the relatively small share of such emails (0.1-0.2% of the total), they are much more likely to end up in the inbox, bypassing spam filters. Moreover, inventive scammers have learned how to create QR codes using Unicode characters, which makes them even more difficult to detect. Traditional methods of neutralizing malicious links, such as replacing the "http" protocol with "hxxp" or adding parentheses to URLs, work much worse in this case.

There are ways to make QR codes safe to view – for example, by masking data modules or removing one or more position detection patterns (large squares at the corners of the code). However, these tricks are not understood by everyone and have not yet become widespread.

A separate threat is posed by the so-called "QR art" - images in which the code is disguised as a regular picture. The user may accidentally scan it with the camera and click on a malicious link without even realizing it.

Cisco Talos analysts advise you to be as careful when scanning codes as when clicking on suspicious links. For those who use them regularly, there are special online decoders that allow you to pre-check the contents.

Remember: the simplicity and convenience of QR technologies should not overshadow the need to comply with the basic rules of digital security.
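
The QR codes built from Unicode characters mentioned above leave no image for a filter to inspect, but they do leave a recognizable shape in the message text. The following is an added example, not code from Cisco Talos or from the original post: a heuristic that flags blocks of consecutive lines made only of Unicode block-element characters and spaces. The function names, the size thresholds and the sample message are assumptions made for illustration.

```python
# Added example: heuristic for QR codes drawn with Unicode block characters.
# Thresholds are assumptions based on the smallest QR symbol (21x21 modules).
BLOCKS = {chr(c) for c in range(0x2580, 0x25A0)}  # Unicode "Block Elements"
LIGHT = {" ", "\u00a0"}                           # light modules: space, NBSP
MIN_WIDTH = 21  # widest row must span at least 21 modules
MIN_ROWS = 11   # 21 module rows packed two per text line with half blocks


def module_width(line):
    """Width of a text-drawn module row, or 0 if the line is not one."""
    body = line.strip(" \u00a0\t\r\n")  # edge modules may be light, so trim them
    if not body or any(ch not in BLOCKS and ch not in LIGHT for ch in body):
        return 0
    return len(body)


def find_unicode_qr(text):
    """Return (first_line, last_line) index pairs of suspected text QR codes."""
    hits, start, widest = [], None, 0
    for i, line in enumerate(text.splitlines() + [""]):  # sentinel ends last run
        width = module_width(line)
        if width:
            if start is None:
                start, widest = i, 0
            widest = max(widest, width)
        elif start is not None:
            # A run counts only if it is tall enough and some row is wide enough.
            if i - start >= MIN_ROWS and widest >= MIN_WIDTH:
                hits.append((start, i - 1))
            start = None
    return hits


# Constructed sample: an 11x21 grid of block characters (not a real QR code)
# embedded in a constructed message body.
SAMPLE_ROWS = [
    "".join("\u2588\u2580\u2584 "[(3 * r + c * c) % 4] for c in range(21))
    for r in range(11)
]
SAMPLE_EMAIL = (
    "Scan to verify your account:\n\n" + "\n".join(SAMPLE_ROWS) + "\n\nIT Support\n"
)

if __name__ == "__main__":
    for first, last in find_unicode_qr(SAMPLE_EMAIL):
        print(f"suspected Unicode QR code on lines {first}-{last}")
```

A hit is a reason to render the flagged lines to an image and pass them to a QR decoder for URL inspection; box-drawing art in legitimate mail can also match, so the result is a triage signal rather than a verdict.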
