A Fast-Growing Attack Vector

October 25, 2024

QR codes: We've all seen them, but did you know they are one of the fastest growing attack vectors right now?

Why are they so effective?

1. They are traditionally hard to detect and block because they are images, sometimes even images embedded within images, which traditional email filtering cannot analyze.

2. They prompt a victim to use their personal mobile device, which is normally far less protected than a corporate laptop.

3. They can open a phishing website that can be hard to distinguish from a legitimate site on a small mobile screen.

But there are solutions to combat this threat.

Microsoft just announced that Defender for Office now has the capability to detect and block malicious QR codes in emails. One of the ways it does this is by extracting the URL from the code and checking it against known-bad web addresses, or even opening the URL in a sandbox to confirm that it is malicious.

I've included the link to Microsoft's announcement below.

This is a big step forward, but what about QR codes that are not in emails? How can you protect your users and your organization from these attacks?

What if it's a QR code on a flyer on their windshield and they use their personal phone to open it?

A few ways to minimize the risk:

1. User training. This is not an end-all solution, but a necessary part.

2. MFA with number matching. If the user accidentally divulges their credentials, MFA with number matching makes it significantly harder for the attacker to gain access to the user's account.

3. Conditional access. If users can only access their corporate resources on company-managed devices, the attacker is once again cut off at the knees.

4. Security monitoring. This is a good overarching solution to catch anything that falls through the cracks. Impossible travel alerts, anomalous user behavior, brute force attacks, etc. can all indicate a compromised account. If no one's watching, the attackers have as much time as they need to break in.

What are you doing to block the threat of malicious QR codes?

As always, I'm happy to chat if you have questions or need some guidance. No strings attached.

https://lnkd.in/gKR-w-w4

Mr. Hawbaker is one of the co-founders of Valenture and an experienced network and security engineer. Joel studied at the University of Illinois’ College of Electrical and Computer Engineering as well as at Columbia College Chicago. He has spent the last 20 years in various IT disciplines and has hands-on experience in some of the world’s largest networks.

A Chicagoland native, Joel now lives in Tennessee with his family.

Joel Hawbaker
