A New Wave of Cyber Attacks Targets US Energy Sector
Largest Recorded Use of QR Codes in Phishing Campaign

Overt Operator
August 17, 2023
In a notable development in cybersecurity, a significant phishing campaign has been spotted employing QR codes to bypass security measures, targeting mainly the US energy sector. This tactic showcases an evolving sophistication in the world of phishing, and it highlights a concerning trend that security professionals must now grapple with.
According to cybersecurity firm Cofense, this is the first time that QR codes have been utilized on such a large scale in a phishing campaign. Nearly one-third (29%) of the 1,000 emails attributed to this campaign were directed at a major unnamed US energy company. The remaining attempts targeted various industries including manufacturing (15%), insurance (9%), technology (7%), and financial services (6%).
QR Codes in Phishing Campaigns
The mechanics of the attack are intriguing. The phishing email claims the recipient must take urgent action to update their Microsoft 365 account settings. To create a sense of urgency, the threat actors instruct the recipient to complete this step within 2-3 days.
These emails come with PNG or PDF attachments containing a QR code, which the recipient must scan to verify their account. By using QR codes embedded in images, the attackers have found a way to dodge email security tools that typically scan for known malicious links, allowing the phishing messages to reach the target's inbox.
The QR codes in this campaign are designed with multiple layers of evasion. They use redirects in services like Bing, Salesforce, and Cloudflare’s Web3 to send targets to a Microsoft 365 phishing page. Hiding the redirection URL within the QR code and base64-encoding the phishing link makes detection much more challenging.
Rise of QR Code Threats
Although QR codes have been used in phishing campaigns before, these instances have been on a smaller scale. This campaign indicates a significant escalation in their use as an attack vector.
The FBI warned in January 2022 that cybercriminals were increasingly employing QR codes to steal credentials and financial information. Scammers have also tricked individuals into scanning QR codes that lead to malicious websites aimed at stealing money.
Defense and Mitigation Strategies
Despite their effectiveness in bypassing email protection, QR codes still require the victim to actively scan them, a crucial factor that allows well-trained personnel to spot and avoid these attempts.
Most modern smartphones' QR code scanners also include protective measures, asking users to verify the destination URL before launching the browser.
Cofense suggests that organizations should incorporate image recognition tools in their phishing protection measures, though it acknowledges that these are not guaranteed to catch all QR code-related threats.
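As an added illustration (not code from Cofense or from this article), the following Python sketch shows the check a mail filter could run once an image-recognition step has decoded a QR code from an attachment: it looks for a base64-encoded URL hidden inside the redirect link and flags it when its host differs from the visible one. The hostnames, the `u` parameter and the function names are assumptions made up for the example, and the QR decoding itself is assumed to have happened upstream.

```python
import base64
import re
from urllib.parse import unquote, urlsplit

# Runs of base64/base64url characters long enough to hold a short URL.
B64_RUN = re.compile(r"[A-Za-z0-9+/_-]{16,}={0,2}")

def decode_b64_text(token):
    """Decode a base64 or base64url token to ASCII text; None if it is not one."""
    body = token.rstrip("=").replace("+", "-").replace("/", "_")
    body += "=" * (-len(body) % 4)           # restore stripped padding
    try:
        return base64.urlsafe_b64decode(body).decode("ascii")
    except ValueError:                        # covers binascii.Error, UnicodeDecodeError
        return None

def hidden_destinations(qr_payload):
    """Return URLs concealed as base64 in the query, path or fragment."""
    parts = urlsplit(qr_payload.strip())
    if parts.scheme not in ("http", "https"):
        return []                             # e.g. Wi-Fi or contact-card QR payloads
    fields = unquote(parts.query).split("&") + parts.path.split("/") + [parts.fragment]
    found = []
    for field in fields:
        for token in B64_RUN.findall(field):
            text = decode_b64_text(token)
            if text and re.match(r"https?://[^\s/]+", text):
                found.append(text)
    return found

def triage(qr_payload):
    """Flag payloads whose hidden destination host differs from the visible one."""
    visible = urlsplit(qr_payload.strip()).hostname
    hidden = hidden_destinations(qr_payload)
    flag = any(urlsplit(u).hostname != visible for u in hidden)
    return {"visible_host": visible, "hidden_urls": hidden, "flag": flag}

# Constructed sample: hostnames and the "u" parameter are made up for illustration.
SAMPLE_TARGET = "https://login.m365-verify.example/session"
SAMPLE_PAYLOAD = ("https://redirector.example/r?u="
                  + base64.urlsafe_b64encode(SAMPLE_TARGET.encode()).decode())

if __name__ == "__main__":
    print(triage(SAMPLE_PAYLOAD))
```

A flagged result is a triage signal rather than a verdict: legitimate services also pass encoded URLs through redirects, so the hidden destination still needs a reputation or sandbox check.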