New research findings in the field of cybersecurity have shed light on the alarming prevalence of spam emails containing QR codes. It has been reported that around 60% of emails with QR codes are spam, and a smaller subset of these emails is outright malicious, aiming to deceive users with phishing schemes or steal their credentials.
The firm responsible for these findings, Cisco Talos, has brought attention to the deceptive tactics employed by cyber attackers. One such tactic involves the creation of what is known as “QR code art,” where functional QR codes are hidden within visually appealing designs to evade detection.
Despite their relatively low representation in global email traffic – only accounting for 0.01% to 0.2% of all emails – QR codes have proven to be highly effective in bypassing security filters. This is because QR codes are delivered as images, which traditional anti-spam systems cannot easily decode and analyze. Attackers further complicate matters by using Unicode characters or embedding QR codes in PDF files, making automated analysis even more challenging.
One of the major challenges faced by cybersecurity defenders is the fact that when users scan malicious QR codes on their personal devices, the traffic generated often bypasses corporate security systems. This leaves IT teams unaware of potential security breaches, highlighting the need for increased vigilance when handling QR codes.
Cisco Talos has stressed the importance of a proactive defense strategy known as defanging to neutralize malicious QR codes. This process involves altering the structure of a QR code to prevent it from being scanned, effectively rendering it harmless.
There are two primary methods for defanging malicious QR codes:
1. Obscuring data modules: By partially or fully obscuring the smaller black-and-white squares that encode the QR code’s information, the encoded data becomes corrupted and unreadable. This method is particularly effective when the QR code data needs to be completely inaccessible.
2. Removing position detection patterns: These large square markers in the corners of a QR code are essential for scanners to recognize and interpret the code. By removing one or more of these patterns, the QR code becomes unscannable by most devices, even if the data modules remain intact. This approach is simpler and preferred for quickly disabling a QR code.
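The second method above, modelled on a QR module matrix as an added example (not Cisco Talos code): the three position detection patterns are blanked, and a scanner-style locator (the 1:1:3:1:1 run test real decoders use to find a symbol) confirms it is no longer detectable. The 21x21 symbol, its checkerboard stand-in for real data modules and all function names are constructed for this example.

```python
# Added example (not Cisco Talos code): defang a QR symbol by removing its finders.
FINDER = [[int(r in (0, 6) or c in (0, 6) or (2 <= r <= 4 and 2 <= c <= 4))
           for c in range(7)] for r in range(7)]   # dark border, light ring, dark core

def finder_origins(size):
    return [(0, 0), (0, size - 7), (size - 7, 0)]   # top-left corner of each finder

def defang_remove_finders(m):
    """Talos method 2: blank each 7x7 finder and its separator ring; data untouched."""
    out, size = [row[:] for row in m], len(m)
    for r0, c0 in finder_origins(size):
        for r in range(max(r0 - 1, 0), min(r0 + 8, size)):
            for c in range(max(c0 - 1, 0), min(c0 + 8, size)):
                out[r][c] = 0
    return out

def make_symbol(size=21):
    """Constructed 21x21 stand-in (1 = dark): checkerboard in place of real data
    modules, separators cleared by reusing the defanger, genuine finders added."""
    m = defang_remove_finders([[(r + c) % 2 for c in range(size)] for r in range(size)])
    for r0, c0 in finder_origins(size):
        for dr in range(7):
            m[r0 + dr][c0:c0 + 7] = FINDER[dr]
    return m

def _ratio_centers(line):
    """(center index, unit) of every dark/light/dark/light/dark 1:1:3:1:1 run."""
    runs = []                                        # [module value, length, start]
    for i, px in enumerate(line):
        if runs and runs[-1][0] == px:
            runs[-1][1] += 1
        else:
            runs.append([px, 1, i])
    hits = []
    for i in range(len(runs) - 4):
        seg, u = runs[i:i + 5], runs[i][1]
        if [s[0] for s in seg] == [1, 0, 1, 0, 1] and [s[1] for s in seg] == [u, u, 3 * u, u, u]:
            hits.append((seg[2][2] + seg[2][1] // 2, u))
    return hits

def finder_patterns(m):
    """Scanner-style locator: horizontal 1:1:3:1:1 run, cross-checked down its column."""
    found = set()
    for r, row in enumerate(m):
        for c, u in _ratio_centers(row):
            for rc, _ in _ratio_centers([line[c] for line in m]):
                if abs(rc - r) <= u:
                    found.add((rc, c))
    return found
```

Running `finder_patterns` on `make_symbol()` returns the three finder centres, and on `defang_remove_finders(make_symbol())` it returns nothing, even though every data module is still present.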
In addition to defanging malicious QR codes, users are advised to exercise caution when scanning QR codes, treating them with the same level of scrutiny as unknown URLs. Before scanning, QR codes should be decoded using online tools to inspect their content. Furthermore, users should avoid entering sensitive credentials into unknown sites linked via QR codes and instead navigate directly to trusted URLs to mitigate the risk of falling victim to malicious attacks.