
Surge in QR code phishing attacks and malicious PDF attachments


Hackers are diversifying attack methods, and there has been a surge in QR code phishing campaigns, HP Ireland has warned.

The latest quarterly HP Wolf Security Threats Insight Report for Q4 shows QR code 'scan scam' campaigns, whereby QR codes direct users to malicious websites asking for credit and debit card details, have become an almost daily occurrence.

Users are tricked into scanning QR codes from PCs using their mobile devices to take advantage of generally weaker phishing protection and detection on such devices. In Q4 HP identified phishing campaigns masquerading as parcel delivery companies seeking payment.

HP also noted a 38% increase in malicious PDF attachments, with embedded images that link to encrypted ZIP files used in recent attacks, bypassing web gateway scanners.

The PDF instructions contain a password that the user is tricked into entering to unpack a ZIP file, deploying QakBot or IcedID malware to gain unauthorised access to systems, which are used as beachheads to deploy ransomware.
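A gateway or mail filter cannot inspect the contents of a password-protected ZIP, but it can tell that the entries are encrypted and hold the file for review. The sketch below is an added example, not code from HP's report or this article; the function names and the sample archive are constructed for illustration.

```python
import io
import zipfile

ENCRYPTED = 0x0001  # ZIP general-purpose flag, bit 0: entry data is encrypted


def encrypted_entries(data: bytes) -> list[str]:
    """Names of entries whose contents cannot be scanned without the password."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        # Only the central directory is read; no password is needed for that.
        return [i.filename for i in zf.infolist() if i.flag_bits & ENCRYPTED]


def triage(data: bytes) -> str:
    """Decide what a mail or web gateway should do with a downloaded blob."""
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return "not-zip"
    try:
        names = encrypted_entries(data)
    except zipfile.BadZipFile:
        return "hold: malformed archive"
    if names:
        return "hold: unscannable encrypted entries: " + ", ".join(names)
    return "scan: contents readable"


def constructed_sample(encrypted: bool) -> bytes:
    """Constructed test archive; the payload is a harmless placeholder string."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("invoice.js", "constructed placeholder")
    raw = bytearray(buf.getvalue())
    if encrypted:
        # Python's zipfile cannot write encrypted entries, so set flag bit 0 by
        # hand in the local header (offset 6) and central directory (offset 8).
        for signature, offset in ((b"PK\x03\x04", 6), (b"PK\x01\x02", 8)):
            raw[raw.find(signature) + offset] |= 0x01
    return bytes(raw)


if __name__ == "__main__":
    for label, blob in (("plain", constructed_sample(False)),
                        ("encrypted", constructed_sample(True)),
                        ("other", b"%PDF-1.7 constructed")):
        print(label, "->", triage(blob))
```
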


Some 42% of malware was delivered inside archive files like ZIP, RAR, and IMG, and the popularity of archives has risen 20% since Q1 2022, as threat actors switch to scripts to run their payloads.

This is compared to 38% of malware delivered through Office files such as Microsoft Word, Excel, and PowerPoint.

QR codes are increasingly being used as part of phishing attacks, according to HP.

"We have seen a rise in scan scams, malvertising, archives and PDF malware recently, and we would encourage everyone to look out for emails and websites that ask to scan QR codes and give up sensitive data, as well as PDF files linking to password-protected archives," said Val Gabriel, managing director of HP Ireland.

"Being aware of the signs to watch out for is the first line of defence when it comes to detecting and eliminating any breaches, it ensures these threat actors don’t gain access to sensitive data and move throughout systems."

During Q4, HP also found 24 popular software projects imitated in malvertising campaigns used to infect PCs with eight malware families, compared to just two similar campaigns in the previous year.

The attacks rely on users clicking on search engine advertisements, which lead to malicious websites that look almost identical to the real websites.

“While techniques evolve, threat actors still rely on social engineering to target users at the endpoint,” comments Dr Ian Pratt, global head of security for personal systems at HP.

“Organisations should deploy strong isolation to contain the most common attack vectors like email, web browsing and downloads.

“Combine this with credential protection solutions that warn or prevent users from entering sensitive details onto suspicious sites to greatly reduce the attack surface and improve an organisation’s security posture.”

(Pic: Getty Images)
