
Check Point talks about the evolution of QR Code attacks

by admin

Check Point Software highlights the danger of QR Code-based attacks: the QR Code is a familiar tool for many, but it is now also used by cybercriminals.

This is an evolution of the cyber attacks perpetrated last summer, which led to a 587% increase in these phishing attacks. Those threats all had similar characteristics: they aimed to trick users into scanning the code, which redirected them to a credential collection page.

Today, hackers use QR Codes differently. The initial request is similar, but the redirection chain is different: the link takes the site the user is interacting with as its basis and adjusts accordingly, adapting the type of link for Apple or Android users. The end goal is the same: to install malware on the end user’s endpoint, while also stealing their credentials. By changing the target based on user behavior, the success rate is much higher.

In the span of two weeks in January 2024 alone, approximately 20,000 such attacks were witnessed.

Hackers send QR Codes with device-based conditional routing.
• Vector: Email
• Type: QR Code, conditional redirect, credential collection
• Techniques: Social engineering, BEC 3.0
• Target: Any end user

This email starts out as a fairly standard QR Code-based phishing attack. It asks the recipient to view their annual contribution statement by scanning the QR Code, which is supposed to show the account balance for the current year.
The interesting aspect of this attack is what follows.
The destination of the QR Code depends on the browser, device, screen size and more. Depending on these parameters, the QR Code leads to a different page.


Essentially, there are four levels of obfuscation. One is the QR Code itself. The URL embedded in the code appears to point to an Apple domain, but is instead redirected elsewhere. There is then a blind redirect to another domain. This domain automatically checks whether the user is coming from a browser or a crawler and redirects accordingly.
There is also a payload with anti-reverse engineering techniques. If you try to expose it, it consumes infinite resources.
In all these cases, the QR Code link and the one to which you are redirected are different.

The techniques

Redirection in an attack is not necessarily new, even if its use in QR Codes is peculiar. By using conditional redirection, hackers increase their chances of success. Typically, default security levels look at a redirect, and if the first one is clean, they let it through. (That’s what happened in this type of attack.)
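The gap described above, where only the first redirect is checked, can be closed by resolving the whole chain once per client profile and comparing where each profile lands. The following Python code is an added example, not code from Check Point or from this article; the profile names, the `.example` hosts and `simulated_fetch` (a constructed stand-in for an HTTP client that would send per-profile request headers) are assumptions.

```python
from urllib.parse import urlsplit

PROFILES = ("ios", "android", "desktop", "crawler")  # constructed client profiles

def simulated_fetch(url, profile):
    """Constructed stand-in for an HTTP client: returns the next hop, or None
    when `url` is a final page. All hosts use the reserved .example TLD."""
    if url == "https://brand.example/r?id=1":      # link embedded in the QR Code
        return "https://hop.example/go"            # blind redirect, same for all
    if url == "https://hop.example/go":            # device-conditional hop
        by_device = {"ios": "https://login-ios.example/",
                     "android": "https://login-droid.example/"}
        return by_device.get(profile, "https://benign.example/")
    return None

def resolve_chain(url, profile, fetch, max_hops=10):
    """Follow every redirect for one profile; stop on loops or after max_hops."""
    chain = [url]
    while len(chain) <= max_hops:
        nxt = fetch(chain[-1], profile)
        if nxt is None or nxt in chain:
            break
        chain.append(nxt)
    return chain

def analyze(qr_url, fetch=simulated_fetch):
    """Compare where each profile ends up instead of trusting the first hop."""
    chains = {p: resolve_chain(qr_url, p, fetch) for p in PROFILES}
    finals = {p: urlsplit(c[-1]).hostname for p, c in chains.items()}
    qr_host = urlsplit(qr_url).hostname
    device_hosts = {finals[p] for p in PROFILES if p != "crawler"}
    return {
        "chains": chains,
        "finals": finals,
        # The QR link and the landing page differ for at least one profile.
        "host_mismatch": any(h != qr_host for h in finals.values()),
        # Different profiles land on different hosts: conditional routing.
        "conditional_routing": len(set(finals.values())) > 1,
        # Some device profile lands on a host the crawler profile never saw.
        "crawler_cloaking": bool(device_hosts - {finals["crawler"]}),
    }

if __name__ == "__main__":
    report = analyze("https://brand.example/r?id=1")
    for profile, host in report["finals"].items():
        print(f"{profile:8} -> {host}")
    print({k: v for k, v in report.items() if isinstance(v, bool)})
```

In a real scanner, `fetch` would be replaced by a function that issues the request with headers matching each profile and returns the redirect target.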

This is where the power of a comprehensive security solution comes in, allowing you to work at multiple levels and prevent these types of attacks.
In this case, an email security solution can block the attack by examining suspicious behavior, such as a first-time sender, text analysis, and more. Browser security can block it by inspecting the website and emulating any actions. Mobile security may block it when you actually scan the QR Code. Anti-malware can emulate the file and understand what will happen. Security also acts after delivery and can continuously examine new information, continuously scanning and emulating the URL.


These attacks are difficult to stop because they work by compromising many different layers. However, if you have all layers of protection, your ability to block the attack increases.

To defend against these attacks, security managers can:
• Implement security that uses artificial intelligence to examine multiple phishing indicators.
• Implement security capable of decoding QR Code attacks.
• Implement multi-layered security protection.
