Since the outbreak of the COVID-19 pandemic, there has been a dramatic change in consumer technology across the globe. Quick Response (QR) code technology was well received and widely used as people turned to contactless transactions. However, the rise of digital transactions via QR codes also introduced new cyber threats, which most people are unaware of.
According to research, more than 1.5 billion people leveraged QR codes for digital transactions in 2020 globally, and threat actors have already exploited the trend.
A QR code is a barcode that allows users to instantly access information using a digital device. QR codes store data as a series of pixels in a square-shaped grid and are mostly used to track details of a particular product in a supply chain. Consumer-based QR codes pose severe security threats to corporate systems and data. Several cybercriminal groups exploit QR codes via Quishing and QRLjacking attacks to compromise targeted devices and steal sensitive financial data.
Like phishing attacks, threat actors use different lures and tactics to trick users into scanning the malicious QR code. The types of QR code attacks include:
In a Quishing attack, threat actors send a phishing email containing a malicious QR code attachment. Once the user scans the QR code, it will direct the user to a phishing page that captures sensitive data like users’ login credentials.
Most organizations use Quick Response Code Login (QRL) as an alternative to password-based authentication procedures. A QRL allows users to log in to their accounts by scanning a QR code, which is encrypted with the user’s login credentials.
QRLjacking is a social-engineering-style attack capable of session hijacking, affecting all accounts that rely on the "Login with QR code" feature. In a QRLjacking attack, threat actors trick unwitting users into scanning a specially crafted QRL rather than the legitimate one. Once the victim scans the malicious QRL, the device gets compromised, allowing the attacker to take complete control of the device.
Additionally, threat actors leverage “honeypot” techniques such as enticing users with a free Wi-Fi network that scans the QR Code. Bad actors also replace QR codes in public places with malicious ones that redirect users to phishing sites. The malicious QR codes can connect the victim’s device to a malicious network to reveal the user’s location and initiate fraudulent payments. Most fraudulent QR codes can easily evade traditional security detections that only scan the email/site content rather than suspicious barcodes.
While avoiding QR code scans may be impractical, taking certain proactive measures may help mitigate the risks associated with QR code technology.
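One such measure, shown here as an added example that is not part of the original article, is to inspect what a decoded QR payload would make the device do (open a URL, join a Wi-Fi network, hand off to a payment app) before acting on it. The allowlisted host, the sample payloads and the function names are assumptions made for illustration; the `WIFI:` layout is the common Wi-Fi QR convention.

```python
import re
from urllib.parse import urlsplit

# Assumption: hosts this organisation actually prints in its own QR codes.
TRUSTED_HOSTS = {"login.example.com"}

def parse_wifi(payload):
    """Parse the common 'WIFI:T:<auth>;S:<ssid>;P:<pass>;;' payload into a dict."""
    fields = {}
    # Tokens are separated by ';' unless the ';' is backslash-escaped.
    for token in re.findall(r"(?:\\.|[^;\\])+", payload[5:]):
        key, sep, value = token.partition(":")
        if sep:
            fields[key.upper()] = re.sub(r"\\(.)", r"\1", value)
    return fields

def triage(payload):
    """Return (action, findings) for one decoded QR payload string."""
    if payload.upper().startswith("WIFI:"):
        wifi = parse_wifi(payload)
        findings = ["joins network %r" % wifi.get("S", "")]
        if wifi.get("T", "nopass").lower() == "nopass":
            findings.append("open network, traffic unencrypted")
        return "wifi-join", findings
    try:
        url = urlsplit(payload.strip())
    except ValueError:
        return "malformed", ["unparseable URL"]
    scheme, findings = url.scheme.lower(), []
    if scheme in ("http", "https"):
        host = (url.hostname or "").lower()
        if scheme == "http":
            findings.append("cleartext http")
        if "@" in url.netloc:
            findings.append("userinfo before '@' disguises the real host")
        if re.fullmatch(r"[0-9.]+", host) or ":" in host:
            findings.append("IP literal instead of a domain name")
        if host.startswith("xn--") or ".xn--" in host:
            findings.append("punycode host, possible lookalike")
        if host not in TRUSTED_HOSTS:
            findings.append("host %r is not on the allowlist" % host)
        return "open-url", findings
    if scheme:
        return "app-handoff", ["scheme %r opens another app" % scheme]
    return "text", findings

if __name__ == "__main__":  # constructed sample payloads, as a decoder would emit them
    for sample in (r"WIFI:T:WPA;S:Free\;Airport_WiFi;P:guest1234;;",
                   "http://login.example.com@203.0.113.7/session"):
        print(triage(sample), "<-", sample)
```

A scanner app or mail gateway would run this on the string returned by its QR decoder and show the findings to the user, or block the action, before anything is opened.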
QR code attacks, like ransomware and phishing attacks, are becoming more frequent across the global threat landscape. With new kinds of cyber threats predicted to surge in 2022, users should be vigilant about the risks involved and think before scanning their next QR code.
About the Author:
Rudra Srinivas is a Senior Feature Writer and part of the editorial team at CISO MAG. He writes news and feature stories on cybersecurity trends.
The post How Cybercriminals Exploit QR Codes to Their Advantage appeared first on CISO MAG | Cyber Security Magazine.