Developers Need to Beat QR Code and @ Bypass Hackings

Organizations need cybersecurity solutions that are savvy enough to scan and flag questionable QR codes, attachments, and images, keeping ahead of hackers.

Malicious hackers are truly creative and resilient beings. It never fails that, when motivated to evade cybersecurity and capture new phishing victims, they continue to come up with new, inventive—and effective—techniques. As early as we are into 2024, we’ve identified a few concerning new tactics that cybercriminals have developed to get past the typical email cyber security filters: infected QR codes, and a renewed use of the “@” bypass strategy.

Known as “Quishing,” the use of QR codes instead of standard links in email-based phishing attacks is suddenly growing as an innovation in cybercrime. The codes are interpreted by most security solutions as harmless images, as opposed to being recognized as a mechanism that can link to dangerous sites. According to more than one source, including Dark Reading, QR code attacks have surged in the past quarter. Many of these attacks utilize infected QR codes that are embedded in the main body of the message; a smaller percentage contain QR codes as attachments. This method remains a high threat, and one that has yet to be addressed by most security solutions and platforms. This includes well-known entities like Microsoft 365 and DocuSign, which, according to recent reports, have allowed QR codes to bypass their filters.

Attackers have realized that traditional security solutions don’t account for QR codes. This is especially the case for secure email gateway (SEG)-based email security solutions that lack effective AI-powered tools to either interpret phrasing or scan ill-intended images and attachments. Very few solutions, in fact, currently have any kind of metric that recognizes and scans QR codes as part of their email filtering systems—a failure that developers and ISVs can step in and help rectify.

QR Codes – Thwarting Remediation

With ordinary phishing attacks, an email cybersecurity solution typically will scan emails, detect questionable links, and follow them to their final destinations: usually a clever phishing website where victims turn over their credentials to criminals. Once the malicious link is detected, however, IT managers can follow the trail to that link and determine what users have clicked on it, allowing them to create an effective remediation plan.

A big danger of quishing attacks is that, if infected QR codes aren’t detected and flagged as questionable by cybersecurity filters, then the email security software can’t follow that malicious link to its destination, scan the site source, and gather information used to develop remediation. IT administrators are hindered in their ability to address the damage once the link is clicked by users, since the software was not led to the offending site.

Resurgence of the “@” Bypass

Similarly, the market is seeing a re-emergence of a threat that appeared several years ago and seemed to go dormant—until early 2024. Hackers have taken to adding surreptitious “@” signs into malicious URLs, which “confuse” email cybersecurity filters since they are viewed as innocuous comments. Similarly, browsers can’t discern these disguised malevolent links from safe ones. Therefore, the link doesn’t trigger security filters and passes through to the user’s inbox.
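In URL syntax, anything before an “@” in the authority part is userinfo, and the browser connects to the host that follows the last “@”. The Python sketch below is an added example, not Trustifi's code or any product's filter: it shows how a mail filter could flag such links and report the host the link really resolves to. The function names and the sample body (using reserved `.example` and `.test` names) are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, unquote

# Rough matcher for links in a text or HTML body (stops at space, quotes, <>).
URL_RE = re.compile(r"""https?://[^\s"'<>]+""", re.IGNORECASE)
# A decoy is most convincing when the userinfo itself looks like a domain.
HOSTLIKE_RE = re.compile(r"[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+")

def inspect_url(url):
    """Return a finding if the URL's authority carries userinfo, else None."""
    try:
        parts = urlsplit(url)
    except ValueError:
        return None  # unparsable authority; left to other checks
    # Only the authority counts: an '@' in the path or query is not userinfo.
    if parts.username is None:
        return None
    decoy = unquote(parts.username)
    return {
        "url": url,
        "decoy": decoy,                              # text the reader sees first
        "real_host": (parts.hostname or "").lower(),  # host after the last '@'
        "decoy_looks_like_host": bool(HOSTLIKE_RE.fullmatch(decoy)),
    }

def scan_body(body):
    """Inspect every http(s) link found in a message body."""
    findings = []
    for match in URL_RE.finditer(body):
        finding = inspect_url(match.group(0).rstrip(".,;)"))
        if finding:
            findings.append(finding)
    return findings

# Constructed sample message body (not taken from a real campaign).
SAMPLE_BODY = """\
Please confirm: https://bank.example@login.phish.test/signin
Profile page: https://docs.example/users/@alice/profile
Contact form: https://help.example/contact?email=bob@mail.example
Second notice: https://bank.example:443@pay.example@cdn.phish.test/x
"""

if __name__ == "__main__":
    for f in scan_body(SAMPLE_BODY):
        print(f["real_host"], "<-", f["url"])
```

A filter would then run its reputation checks and link-following against `real_host`, not against the name shown before the “@”.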

It’s become near-impossible for ordinary network users to tell the difference between a fraudulent “imposter” email and a valid one, due to clever AI-generated templates and text. Users are therefore left vulnerable to clicking the @-laced links, potentially surrendering their passwords to the fraudulent site. Their company’s security solution failed to quarantine a dangerous message.

It’s crucial that developers of cybersecurity solutions take these new phishing methods into consideration in creating software. These cunning strategies are directed more and more frequently at C-level personnel, who have the authority to release vitally important credentials like company banking information. Organizations need cybersecurity solutions that are savvy enough to scan and flag questionable QR codes, attachments, and images, keeping ahead of hackers in this ever-evolving security landscape.

Rom Hendler

Rom Hendler is CEO of Trustifi, a cyber security firm featuring email encryption solutions delivered on a software as a service platform. Trustifi’s email security products provide both inbound and outbound email security from a single vendor. Its unique, cloud-based storage model is helping the channel rethink its approach to cyber security.

