Attackers are impersonating legitimate services
Research from Barracuda Networks highlights a growing trend in cybercrime where attackers are mimicking recognizable services to deceive users. In one notable phishing scheme, perpetrators disguised their malicious intentions by claiming to send a payroll and benefits enrollment file accessible through a QR code. In another instance, they posed as the reputable global courier DHL, instructing recipients to scan a QR code to fill out a form to resolve a purported missing shipping address.
Building detection for such QR code-based scams may seem straightforward, but it is not. Barracuda’s findings show that there are 32 unique ‘block’ characters that attackers can use, including various full and partial blocks, and these can be encoded in multiple formats such as HTML entity, UTF-8, or UTF-16. The resulting 96 combinations complicate detection, particularly since many block characters are used legitimately in other contexts.
The researchers elaborated on this complexity by noting that in the case of HTML entities, each block can manifest in different forms, and attackers can cleverly arrange both single blocks and combinations to produce their ASCII or Unicode-based QR codes. This method significantly elevates the number of potential variations of QR codes, making it increasingly difficult for automated systems to identify and flag these malicious attempts accurately.
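One way a mail filter could approach the problem described above, shown as an added example that is not Barracuda's method or code from the original article: reduce every encoding of a block character to a single code point, then look for a QR-sized grid rather than for individual characters. It assumes the 32 block characters are the Unicode Block Elements range U+2580 to U+259F; the function names, the size thresholds and the sample grid are constructed for illustration.

```python
import html
import re

# Assumption: the 32 block characters are the Unicode "Block Elements"
# range U+2580..U+259F, which holds exactly 32 code points.
BLOCKS = {chr(c) for c in range(0x2580, 0x25A0)}
FILLER = BLOCKS | {" ", "\u00a0"}
MIN_WIDTH = 21  # a version 1 QR code is 21x21 modules
MIN_ROWS = 10   # assumed threshold: half blocks pack two module rows per text row

LINE_BREAK = re.compile(r"(?i)<br\s*/?>|</(?:div|p|tr|pre)>")
TAG = re.compile(r"<[^>]+>")

def to_text(body, charset="utf-8"):
    """Collapse every encoding of a block character to one code point."""
    if isinstance(body, bytes):
        body = body.decode(charset, errors="replace")  # UTF-8 or UTF-16 input
    body = TAG.sub("", LINE_BREAK.sub("\n", body))
    return html.unescape(body)  # &#9608; &#x2588; &block; all become U+2588

def is_grid_row(line):
    """True for a wide row made only of blocks and spaces."""
    line = line.strip("\r\n")
    if len(line) < MIN_WIDTH or any(ch not in FILLER for ch in line):
        return False
    return sum(ch in BLOCKS for ch in line) >= 0.3 * len(line)

def longest_block_grid(body, charset="utf-8"):
    """Length of the longest run of consecutive grid rows (blank lines ignored)."""
    best = run = 0
    for line in to_text(body, charset).split("\n"):
        if not line.strip():
            continue  # source newlines between <br> tags must not break a run
        run = run + 1 if is_grid_row(line) else 0
        best = max(best, run)
    return best

def looks_like_text_qr(body, charset="utf-8"):
    return longest_block_grid(body, charset) >= MIN_ROWS

def constructed_rows(n=12, width=25):
    """Constructed sample: a block grid of QR-like size, not a real QR code."""
    tile = "█▀▄ ▀█ ▄"
    return [(tile[i % 8:] + tile * 4)[:width] for i in range(n)]

if __name__ == "__main__":
    rows = constructed_rows()
    as_entities = "<br>".join("".join(f"&#{ord(c)};" for c in r) for r in rows)
    print(looks_like_text_qr(as_entities))                          # grid of entities
    print(looks_like_text_qr("Upload: ██████░░░░ 60%<br>Thanks"))  # legitimate use
```

Judging the shape of the grid instead of the mere presence of block characters is what keeps progress bars and decorative separators from being flagged.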
Source
www.csoonline.com