
The Rise of QR Code Phishing: Cyber Attacks Targeting US Energy Companies

A widespread phishing campaign utilizing malicious QR codes has targeted organizations in various industries, including a major energy company in the US, according to a report by threat intelligence firm Cofense. The campaign, which started in May 2023, aims to harvest Microsoft account credentials of targeted organizations’ employees. The attackers have sent more than 1,000 phishing emails, with approximately 29% of them targeting the US energy company. Other industries that have been targeted include manufacturing, insurance, technology, and financial services.

The Phishing Campaign

The phishing campaign relies on malicious QR codes that are embedded inside PNG images or PDF documents. The QR codes contain hidden phishing links that are designed to trick recipients into providing their Microsoft account credentials. The emails have been spoofing Microsoft security notifications to deceive the recipients.

Cofense notes that the number of observed attacks has been growing by roughly 270% on a monthly basis since the campaign started. The highest spike in attacks was observed between May and June, but the number of attacks has diminished in August. The observed emails often contain lures related to updating account information, two-factor authentication, or general account security details.

The Tactics Used by Attackers

The attackers have employed several tactics to bypass security controls and ensure that their malicious messages reach the recipients’ inboxes. They have used Bing redirect URLs, two Salesforce application domains, and Cloudflare’s Web3 services as phishing links. By utilizing these techniques, the attackers have been able to hide the phishing links and make the emails appear legitimate, increasing the likelihood of unsuspecting recipients falling victim to the attack.

User Verification and Protection

While the malicious QR codes have the potential to bypass certain security measures and land in users’ inboxes, Cofense points out that they may not be as effective at completing the attack. Scanning the QR code and following the phishing link requires user interaction, typically using a mobile phone. Modern mobile devices often show the link embedded in the code and ask the user to verify the URL before launching a browser to open it. This allows users to see where the link leads before accepting it.

However, it is crucial to educate employees and raise awareness about the risks associated with scanning QR codes received via email. QR scanners and image recognition systems can automatically identify malicious QR codes, but it is still important to exercise caution and avoid scanning such codes altogether.

Security Measures and Recommendations

Organizations need to bolster their cybersecurity defenses to protect themselves from phishing attacks and other types of cybercrimes. It is crucial to implement robust security measures such as multi-factor authentication, email filtering, and employee training. Regular security awareness training programs can help employees recognize and avoid phishing attempts, including those that involve malicious QR codes.

To detect and prevent phishing attacks, organizations should utilize advanced threat intelligence platforms and email security solutions. These tools can identify and block suspicious emails containing malicious links or attachments. Additionally, IT departments should continuously monitor network traffic and investigate any anomalies or suspicious activities.
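As an added example (not from Cofense or the original article), the Python below triages a URL that a mail filter has already decoded from a QR code: it flags hosts on a watch-list of trusted services, like the redirect and hosting services described under tactics, and unwraps a destination carried in a query parameter. Only bing.com comes from the article; the other watch-list entries are placeholders, and the base64 handling behind a two-character prefix is an assumption about how a redirector may encode its target.

```python
import base64
from urllib.parse import parse_qsl, urlsplit

# Assumption: host suffixes worth a second look when they appear in a QR code.
# Only bing.com is named by the article; the other two are placeholders.
WATCHED_SUFFIXES = {
    "bing.com": "search-engine redirect",
    "salesforce-app.example": "Salesforce application domain (placeholder)",
    "web3-gateway.example": "Web3 gateway (placeholder)",
}

def embedded_url(value):
    """Return a URL carried in a query value, plain or base64url-encoded."""
    # Assumption: an encoded target may sit behind a two-character prefix.
    for cand in (value, value[2:]):
        if cand.startswith(("http://", "https://")):
            return cand
        try:
            raw = base64.urlsafe_b64decode(cand + "=" * (-len(cand) % 4))
            text = raw.decode("utf-8")
        except ValueError:  # covers binascii.Error and UnicodeDecodeError
            continue
        if text.startswith(("http://", "https://")):
            return text
    return None

def triage_qr_url(url):
    """Score one URL decoded from a QR code; returns a dict of findings."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    findings, destination = [], None
    for suffix, label in WATCHED_SUFFIXES.items():
        if host == suffix or host.endswith("." + suffix):
            findings.append(f"host on watch-list: {label}")
    for key, value in parse_qsl(parts.query):
        target = embedded_url(value)
        dest = (urlsplit(target).hostname or "").lower() if target else ""
        if dest and dest != host:
            destination = dest
            findings.append(f"parameter {key!r} forwards to {dest}")
    return {"host": host, "destination": destination,
            "suspicious": bool(findings), "findings": findings}

# Constructed sample: a redirect-style URL wrapping a made-up landing page.
_target = base64.urlsafe_b64encode(b"https://login-portal.example/verify")
SAMPLE = "https://www.bing.com/ck/a?u=a1" + _target.decode().rstrip("=")

if __name__ == "__main__":
    for finding in triage_qr_url(SAMPLE)["findings"]:
        print(finding)
```

The destination host, not the trusted wrapper, is what should be checked against reputation feeds and block-lists.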


The widespread phishing campaign utilizing malicious QR codes highlights the evolving tactics employed by cybercriminals to deceive organizations and compromise their cybersecurity. As cyber threats become more sophisticated, it is essential for organizations to stay vigilant, educate employees, and implement robust security measures to protect against phishing attacks. By taking these proactive steps, organizations can reduce the risk of falling victim to such cybercrimes and safeguard their sensitive data and resources.


