Attack Techniques: QR Codes
2023-8-19 00:3:36 Author: textslashplain.com

As outlined in earlier posts in this series, attackers know that security software can detect their phishing lures and block users from even seeing the lure if it contains a known-phishing URL. For example, both Windows Live and Gmail block email that is believed to contain phishing links. If your enterprise uses Microsoft Defender for Office, or you have Microsoft 365 Family, all inbound hyperlinks through Microsoft email services are rewritten to navigate through the “SafeLinks” service that performs another real-time check for malicious URLs whenever a user clicks on them.

To avoid security software, attackers try to hide URLs, using techniques like asking the user to retype URLs from an image or sticking the link inside a password-protected PDF document, or they avoid URLs by asking the user to call a phone number or send a reply email containing sensitive information.

Another technique is to send the user a QR Code. A QR Code is simply a picture that can be converted into a URL using the camera app on our now-ubiquitous mobile phones.

This QR Code points to a blog post

Users are increasingly accustomed to using QR Codes for legitimate purposes, so their use in attack scenarios won’t stand out as much as it once would have.

How does this technique benefit an attacker over a plain hyperlink?

  • Mail software can’t rewrite QR codes, so features like Microsoft SafeLinks won’t apply.
  • The use of a QR Code allows an attacker to cause the attack flow to move from a well-protected desktop to a less-protected mobile device. For example, users might be using a mobile web browser with weaker real-time anti-phishing reputation services than the browser on their desktop, and that mobile browser may not be configured to proxy traffic through a secure proxy. Similarly, a user’s personal device might not include a password manager, making the attacker’s request for manually-typed credentials more plausible.

Here’s a news article about a recent attack using the QR Code vector.

Stay safe out there: treat any QR codes received via SMS or email with extra caution. Carefully examine the URL, both in any preview the camera app offers and in the browser’s address bar, where you can see the final URL (because open redirectors are common).
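Part of the URL check recommended above can be automated once a QR code has been decoded. The following is an added example, not code from the original post: it takes the decoded payload string, reports which host the URL really names, and flags redirect targets embedded in the query string. The function names, flag labels and sample URLs are constructed for illustration, and decoding the image itself is assumed to happen upstream.

```python
import ipaddress
from urllib.parse import parse_qsl, unquote, urlsplit

MAX_DEPTH = 3  # assumption: stop unwrapping nested redirect targets after 3 levels

def embedded_urls(url, depth=0):
    """Return URLs carried inside query parameters (open-redirector style)."""
    found = []
    if depth >= MAX_DEPTH:
        return found
    for _, value in parse_qsl(urlsplit(url).query, keep_blank_values=True):
        candidate = unquote(value).strip()  # parse_qsl decoded once; handle one extra layer
        if candidate.startswith("//"):      # scheme-relative target
            candidate = "https:" + candidate
        if candidate.lower().startswith(("http://", "https://")):
            found.append(candidate)
            found.extend(embedded_urls(candidate, depth + 1))
    return found

def triage_qr_url(payload):
    """Report which host a decoded QR payload really names and what looks odd."""
    payload = payload.strip()
    parts = urlsplit(payload)
    host = parts.hostname or ""
    flags = []
    if parts.scheme != "https":
        flags.append("not-https")
    if parts.username is not None:
        flags.append("userinfo-in-url")  # text before '@' is not the host
    if any(label.startswith("xn--") for label in host.split(".")):
        flags.append("punycode-host")    # may render as a look-alike name
    try:
        ipaddress.ip_address(host)
        flags.append("ip-literal-host")
    except ValueError:
        pass
    others = [t for t in embedded_urls(payload)
              if (urlsplit(t).hostname or "") != host]
    if others:
        flags.append("embedded-redirect-target")
    return {"host": host, "flags": flags, "redirect_targets": others}

# Constructed sample payloads (reserved example domains and documentation IPs).
SAMPLES = [
    "https://www.example.org/menu",
    "https://tracker.example.com/r?id=7&url=https%3A%2F%2Flogin.example.net%2Fsignin",
    "https://login.example.com@198.51.100.7/a",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(triage_qr_url(s))
```

An empty `flags` list only means none of these static checks fired; the final URL in the address bar still has to be read, since a redirector can also work without putting the target in the query string.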

-Eric

Impatient optimist. Dad. Author/speaker. Created Fiddler & SlickRun. PM @ Microsoft 2001-2012, and 2018-, working on Office, IE, and Edge. Now a GPM for Microsoft Defender. My words are my own, I do not speak for any other entity.


Article source: https://textslashplain.com/2023/08/18/attack-techniques-qr-codes/