Malicious QR code hacking campaign is targeting Microsoft credentials
QR codes are arguably one of the most ubiquitous technologies of the third decade of the 21st century, following the lead from China, where they’ve mostly replaced cash in everyday transactions.
The convenience of scanning a QR code is well-documented, but not as well-documented is what happens when the QR code is malicious. That’s the theme of a new report released today by security researchers at phishing detection and response solutions company Cofense Inc.
Cofense’s researchers have detailed a malicious QR code campaign that targets the Microsoft Corp. credentials of users from a wide array of industries. The average month-to-month growth percentage of the campaign is over 270% and the campaign has increased in size by 2,400% since May.
The most notable target, a major energy company based in the U.S., was measured as receiving emails containing malicious QR codes in 29% of every incoming email. Other top targeted industries include manufacturing, insurance, technology and financial services.
Most of the emails involved spoofing Microsoft security notifications that contain PNG or PDF attachments in emails that ask a user to scan a QR code. Scanning any QR code, let alone a malicious one, puts the user outside the protections of the enterprise environment.
The Cofense researchers note that they have not previously seen large malicious campaigns that use QR codes and that the detailed campaign may indicate that the malicious actors are testing the efficacy of QR codes as a viable attack vector.
“While QR codes do have legitimate reasons to be used, malicious actors also have reasons to use them as well,” the Cofense researchers warn. It is “imperative that employees are trained not to scan QR codes in emails they receive,” they add, as doing so “will help ensure that accounts and businesses security remain safe.”
Image: Bing Image Creator
A message from John Furrier, co-founder of SiliconANGLE:
Your vote of support is important to us and it helps us keep the content FREE.
One click below supports our mission to provide free, deep, and relevant content.
Join our community on YouTube
Join the community that includes more than 15,000 #CubeAlumni experts, including Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger, and many more luminaries and experts.
THANK YOU