Barracuda's latest research indicates that phishers employ QR codes created from text-based ASCII/Unicode characters, deviating from the standard static images typically used. While these modified codes resemble ordinary QR codes to humans, they can elude detection by security software that relies on image scanning. Additionally, attackers are utilising 'Blob' universal resource identifiers (URIs) to construct phishing pages that are challenging to detect, further complicating the identification of malicious links.
This development in phishing tactics raises concerns about businesses' and individuals' increased vulnerability, as these techniques enable phishing efforts to bypass standard defences more easily.
QR codes composed of ASCII/Unicode blocks appear unremarkable to the human eye but seem meaningless to a system based on image scanning. Consequently, tools that depend solely on image-driven scans may fail to ascertain whether the QR code contains a harmful link.
Attackers' employment of Blob URIs supports their evasion of detection since a Blob URI does not load data from external URLs. This attribute renders traditional URL filtering and scanning tools less effective in recognising malicious content as such URIs are dynamically created and can quickly expire, complicating tracking and analysis.
Ashitosh Deshnur, a Threat Analyst at Barracuda, remarked, "QR code phishing attacks are on the rise, and as security tools adapt to detect and block them, attackers will try to deploy new techniques. In traditional QR code attacks, the threat actors embed malicious links into the QR code. Security tools scan the image for known malicious links and block them."
"The new generation of QR code phishing techniques try to get around this by either making it impossible for image-based security scanning tools to read the QR code, or by making it harder for detection systems to identify and block malicious content."
As the sophistication of phishing methods increases, QR code phishing poses a burgeoning threat to organisations. It is crucial to establish multilayered defence strategies, preferably integrating artificial intelligence, to detect emerging threats, implement robust access and authentication controls, educate personnel, and cultivate a strong security culture.
In this evolving threat landscape, Barracuda Networks is responding to the challenges posed by advanced phishing tactics and other cyber threats. The company focuses on developing solutions that help businesses strengthen their cybersecurity posture. By adapting to emerging threats, Barracuda aims to enhance organisational resilience, providing tools that assist employees and systems in effectively managing increasingly sophisticated attacks.