In the past few months we have witnessed a rapid increase in the number of quishing attacks targeting organizations of all sizes, worldwide. Quishing, or QR code phishing, is a somewhat recent derivative of phishing attacks, leveraging the prevalence and inherent trust of QR codes in modern life. The extensive use of QR codes across various domains has made them an attractive vector for cybercriminals.
Through quishing, attackers have managed to bypass most email security vendors, compounding the new tactic with deceptive social engineering. What makes the use of QR codes in emails difficult to detect is that the content and intent of QR codes are not immediately apparent. When coupled with convincing language, impersonation of trusted entities, and a sense of urgency to manipulate users, quishing can be even more difficult to detect and nearly impossible for users to avoid.
From August to September, Perception Point detected a steep 427% increase in the use of malicious QR codes – quishing attacks.
In August, malicious QR codes comprised 1.8% of all QR codes scanned. By September, that number jumped to 9.5%.
In addition, the percentage of quishing attacks out of all malicious incidents climbed from 0.4% in August to 8.8% in September. October has seen a continuation of this trend as quishing incidents steadily climb.
The reported numbers are derived from the attacks that Perception Point has prevented at protected customers. Because many email security vendors cannot detect these attacks, the threat actors have scaled these campaigns, and many end users are falling victim to the scam.
How to Prevent Quishing
Attackers will no doubt continue to exploit quishing as a preferred method to deliver malicious payloads. Quishing has emerged as a unique threat that requires its own solution.
Perception Point has developed a unique approach to preventing quishing attacks that goes beyond just mitigation and education. Perception Point leverages a unique combination of detection technology to detect and prevent quishing attacks from ever reaching the inbox of the user.
Key Features of Perception Point’s Quishing Prevention:
- Real-time Image Recognition: Identifies and extracts all QR codes from the email body and Office file attachments.
- Anti-Evasion Algorithm: Dynamically follows and scans URLs embedded within the QR codes. Unpacks content into smaller units (files and URLs) to overcome evasion techniques and identify hidden malicious payloads.
- AI Detection Models: Including Two-Step Phishing, GenAI Decoder™, Brand Spoofing Recognition, Domain Lookalike and URL Lexical Analysis and more.
- Robust Anti-Malware Detection: Patented CPU-level technology that deterministically blocks attacks in seconds at the exploit phase pre-malware release/execution.
Perception Point stands at the vanguard, prioritizing proactive prevention and harnessing advanced technology to protect organizations’ modern workspaces from the concealed threats posed by QR codes.
For more information about quishing, read our guide here or contact us.