![Quishing for trouble. [Research Saturday] - CyberWire Daily cover](/_next/image?url=https%3A%2F%2Fmegaphone.imgix.net%2Fpodcasts%2F5f5c6976-beff-11ef-a8bd-67b02091c6d0%2Fimage%2F95b72a93c2ffaf8ff900d662a9bd3735.png%3Fixlib%3Drails-4.3.1%26max-w%3D3000%26max-h%3D3000%26fit%3Dcrop%26auto%3Dformat%2Ccompress&w=3840&q=75)
CyberWire Daily Podcast Summary
Episode: "Quishing for Trouble" [Research Saturday]
Release Date: December 21, 2024
Host: N2K Networks
Introduction to Quishing
In the December 21, 2024 episode of CyberWire Daily, hosted by N2K Networks, cybersecurity expert Adam Kahn, Vice President of Security Operations at Barracuda, delves into the burgeoning threat of "quishing"—phishing attacks that utilize QR codes. The episode, titled "Quishing for Trouble", presents cutting-edge research on how cybercriminals are adapting to the increasing prevalence of QR codes in everyday interactions.
Overview of the Research
Adam Kahn introduces the research study, "The Evolving Use of QR Codes in Phishing Attacks," which analyzed over half a million emails from June to September 2024. The study focused on emails containing PDF attachments and embedded QR codes, identifying a significant trend in impersonation of reputable brands.
“Over half a million emails that were analyzed had PDF documents and even the emails themselves had QR codes included in them.”
— Adam Kahn [02:08]
Key Findings
The research uncovered that cybercriminals predominantly impersonate well-known brands to lend credibility to their phishing attempts. The breakdown of these impersonations is as follows:
- Microsoft: 51%
- DocuSign: 31%
- Adobe: 15%
“Microsoft was about 51% of the overall QR code attacks that we've been able to attribute to, followed by 31% to DocuSign and 15% were attributed to Adobe.”
— Adam Kahn [05:38]
Mechanisms of Quishing Attacks
Quishing attacks typically involve spoofed emails that appear to come from legitimate sources. These emails often contain urgent requests, such as verifying accounts or reactivating multi-factor authentication (MFA). The embedded QR codes, when scanned, redirect victims to malicious websites designed to harvest login credentials or distribute malware.
“They’re asking users to verify their accounts or reactivate their MFA or review or document wire DocuSign or Adobe. ... [The QR code] takes them to an actual malicious website where these attackers are able to get their login credentials or distribute malware on the mobile device.”
— Adam Kahn [05:48]
Challenges with Traditional Security Measures
One of the significant challenges highlighted is the ability of quishing attacks to bypass traditional spam filters. Since QR codes are images rather than text-based links, they can evade filters that rely on detecting suspicious URLs or domains.
“It seems to me that in some ways QR codes kind of short circuit that whole scrutiny.”
— Adam Kahn [09:26]
Advanced email protection solutions now incorporate AI and image recognition to detect and block malicious QR codes before they reach users.
“Advanced email protection software ... utilizing AI to do image recognition, when it sees images such as QR codes, it's able to block them before it reaches the user's email.”
— Adam Kahn [10:39]
Recommendations for Mitigating Quishing Threats
To combat the rising threat of quishing, Adam Kahn offers several strategic recommendations:
-
User Awareness and Training: Educate users about the dangers of quishing, emphasizing the importance of scrutinizing unexpected emails, especially those containing QR codes from unfamiliar sources.
“Making sure the users understand what QR code phishing is, what type of tactics are utilized, and how to go about protecting against those is key.”
— Adam Kahn [11:16] -
Multi-Layered Email Security: Implement email security solutions that leverage AI to analyze both textual and visual content, effectively identifying and blocking malicious QR codes.
-
Enable Multi-Factor Authentication (MFA): Enforce MFA across the entire organizational infrastructure to add an extra layer of security, thereby protecting against unauthorized access even if credentials are compromised.
Conclusion
The episode underscores the evolving sophistication of phishing attacks through the use of QR codes. As QR code usage becomes more ubiquitous in daily transactions, cybercriminals are exploiting this trend to craft more convincing and harder-to-detect phishing schemes. By enhancing user education, deploying advanced security measures, and enforcing robust authentication protocols, organizations can significantly mitigate the risks posed by quishing.
“It's a new tactic and it's very clever that these cybercriminals are utilizing.”
— Adam Kahn [09:56]
Adam Kahn's insights provide a crucial understanding of the current landscape of phishing attacks and offer actionable strategies to bolster an organization's cybersecurity defenses against these innovative threats.
Produced by Liz Stokes, mixed by Elliot Peltzman and Trey Hester. Executive Producer: Jennifer Ibin. Executive Editor: Brandon Karp. President: Simone Petrella. Publisher: Peter Kilpe.