Barracuda threat analysts have identified a new generation of QR code phishing attacks featuring techniques designed to evade traditional security defenses. The techniques are outlined in new research and include QR codes built from text-based ASCII/Unicode characters rather than the standard static image, and the use of ‘Blob’ universal resource identifiers (URIs) to create hard-to-detect phishing pages. The threat analysts have not seen any examples of the two techniques used at the same time.
QR codes made from ASCII/Unicode blocks will look just like a traditional QR code in an email. However, to a detection system based on image scanning, it will appear meaningless. This means that security tools that rely only on image-scanning can’t see whether a malicious link is embedded inside.
The use of binary large object, or Blob, URIs help attackers to evade detection because a Blob URI doesn’t load data from external URLs. This means traditional URL filtering and scanning tools may not initially recognize the content as malicious. Blob URIs can also be difficult to track and analyze because they are created dynamically and can expire quickly.
“QR code phishing attacks are on the rise, and as security tools adapt to detect and block them, attackers will try to deploy new techniques,” said Ashitosh Deshnur, Threat Analyst, Barracuda. “In traditional QR code attacks, the threat actors embed malicious links into the QR code. Security tools scan the image for known malicious links and block them. The new generation of QR code phishing techniques try to get around this by either making it impossible for image-based security scanning tools to read the QR code, or by making it harder for detection systems to identify and block malicious content.”
QR code phishing attacks present a growing threat to organizations. As phishing attacks become more sophisticated, it is essential to implement multilayered defense strategies, ideally AI-based, to detect new and emerging threats, set robust access and authentication controls, educate employees, and foster a strong security culture.
To read the blog: https://blog.barracuda.com/2024/10/09/novel-phishing-techniques-ascii-based-qr-codes-blob-uri
About Barracuda
At Barracuda we strive to make the world a safer place. We believe every business deserves access to cloud-first, enterprise-grade security solutions that are easy to buy, deploy, and use. We protect email, networks, data, and applications with innovative solutions that grow and adapt with our customers’ journey. Hundreds of thousands of organizations worldwide trust Barracuda to protect and support them so they can focus on taking their business to the next level. For more information, visit barracuda.com.
Barracuda Networks, Barracuda and the Barracuda Networks logo are registered trademarks or trademarks of Barracuda Networks, Inc. in the U.S., and other countries.