- If ChatGPT produces AI-generated code for your app, who does it really belong to?
- The best iPhone power banks of 2024: Expert tested and reviewed
- The best NAS devices of 2024: Expert tested
- Four Ways to Harden Your Code Against Security Vulnerabilities and Weaknesses
- I converted this Windows 11 Mini PC into a Linux workstation - and didn't regret it
60% of Emails with QR Codes Classified as Spam or Malicious
New cybersecurity findings have revealed that approximately 60% of emails containing QR codes are classified as spam, with a smaller subset being overtly malicious, targeting users with phishing schemes or credential theft.
Cisco Talos, the firm behind the findings, highlighted the deceptive techniques used by attackers. Among them is the creation of “QR code art,” a method where functional QR codes are blended into visually appealing designs.
The research also showed that while QR codes represent only 0.01% to 0.2% of all global email traffic – roughly one in 500 emails – they are disproportionately effective at bypassing security filters.
Why QR Codes are Hard to Detect
QR codes evade traditional detection methods because they are displayed as images. Effective identification requires decoding the image and analyzing the resulting data, a process that many anti-spam systems are not equipped to handle. Attackers further complicate automated analysis by using Unicode to construct QR codes or embedding them in PDFs.
A significant challenge for defenders arises when users scan malicious codes on personal devices. Traffic generated by these interactions often bypasses corporate networks and security systems, leaving IT teams unaware of potential breaches.
Read more on QR Code-enabled attacks: Swiss Cyber Agency Warns of QR Code Malware in Mail Scam
Defanging Malicious QR Codes
Cisco Talos emphasized the importance of defanging as a proactive defense strategy to neutralize malicious QR codes. This process involves altering a QR code’s structure to prevent it from being scanned.
Two primary methods for defanging are:
-
Obscuring data modules: The data modules are the smaller black-and-white squares that encode the QR code’s information. By partially or fully obscuring these modules, the encoded data becomes corrupted, preventing scanners from interpreting it. This method is particularly effective when the QR code data needs to be rendered entirely inaccessible.
-
Removing position detection patterns: These are the large square markers located in three of the four corners of a QR code. They are essential for orienting scanners and enabling them to recognize the code. By removing one or more of these patterns, the QR code becomes unscannable by most devices, even if the data modules remain intact. This approach is simpler and often preferred for quickly disabling a QR code.
More generally, Cisco Talos warned that users should treat QR codes with the same caution as unknown URLs. Before scanning, they should be decoded using online tools to inspect their content.
Firms should also avoid entering credentials into unknown sites linked via QR codes and instead navigate directly to trusted URLs.