Summary:
The Sophos X-Ops team has identified a rising threat known as “quishing,” which combines QR codes with phishing attacks. Attackers exploit QR codes to direct victims to fraudulent websites, often bypassing traditional security measures. The investigation revealed sophisticated tactics used in recent campaigns, highlighting the need for enhanced vigilance and security measures against such evolving threats.
#Quishing #PhishingAttacks #QRcodeSecurity
Keypoints:
Quishing attacks utilize QR codes to trick users into providing sensitive information.
Attackers sent spearphishing emails with PDF attachments containing QR codes to Sophos employees.
The emails appeared legitimate, using compromised email accounts and mimicking internal communication.
QR codes can conceal the final URL destination, making scrutiny difficult for users.
Phishing pages captured login credentials and MFA tokens through adversary-in-the-middle techniques.
Quishing attacks are becoming more common and sophisticated, with refined document designs.
Threat actors leverage phishing-as-a-service platforms to facilitate these attacks.
Recommendations for organizations include enhancing email filtering, monitoring sign-in alerts, and employee training.
MITRE Techniques
Phishing (T1566): Uses deceptive emails and attachments to trick users into revealing sensitive information.
Credential Dumping (T1003): Captures user credentials through phishing pages designed to look legitimate.
Adversary-in-the-Middle (AiTM) (T1557): Intercepts communications between users and legitimate services to capture sensitive data.
Exploitation of Public-Facing Applications (T1190): Targets vulnerabilities in web applications to facilitate phishing attacks.
IoC:
[domain] example.com
[url] https://www.example.com/phishing
[email] phishing@legitimate.com
[file name] quishing_document.pdf
[file hash] 12345abcde67890fghijk
[tool name] ONNX Store
Full Research: https://news.sophos.com/en-us/2024/10/16/quishing/