How well do you pay attention when scanning QR codes?

- Advertisement -spot_imgspot_img
How well do you pay attention when scanning QR codes?

Just open your QR reader app and scan those codes. Do you think carefully when you do this? And when do you scan a QR code or not? A new study from HP, the Wolf Security Threat Insights Report, shows that they are seeing an increase in the number of hackers who use fraudulent QR codes for phishing attacks.

This shows that new insights have been gained into the latest techniques that cybercriminals use in the rapidly changing cybercrime landscape. Figures show that HP Wolf Security customers have clicked on more than 25 billion deceptive emails, web pages, and downloaded files with no security vulnerabilities reported. More insights will be revealed during the Amplify Partner Conference taking place March 28-30.

As of February 2022, Microsoft has started blocking Microsoft programs in Office files, making it more difficult for hackers to hack. Data released by the HP Threat Research team shows that it will become even more difficult for cybercriminals to hack from Q2 onwards. Based on millions of data from HP Wolf Security endpoints, research found the following:

  • The rise of fraudulent QR codes: Since October 2022, HP has seen misleading QR codes for phishing campaigns on an almost daily basis. Users are tempted to scan this QR code. Often, after scanning the QR codes, hackers take advantage of weaker phishing protection on mobile devices. Research showed that in the fourth quarter of 2022 it often involved hackers posing as mail deliverers.

  • HP has observed a 38% increase in fake PDF files: Hackers use web gateways. The PDF instructions in the files contain a password that the user must enter to extract a ZIP file, which deploys QakBot or IcedID malware to give the hacker access to systems and personal data.

  • 42% of malware was delivered in files such as ZIP, RAR and IMG: The popularity of these files has increased by 20% since the first quarter as hackers turn to scripts to transport their information across their computer network. This corresponds to 38% of fake PDF files delivered through Microsoft software such as Microsoft Word, Excel and PowerPoint.

We’ve seen malware distributors like Emotet try to circumvent Office’s strict policies with complex manipulative tactics, but they haven’t been effective. However, there appears to be an increase in cyber attacks, malvertising and PDF malware. Users should be on the lookout for junk emails and deceptive websites that ask to scan QR codes that then lead to requests for personal information. But users should also be wary of PDF files that link to password-protected archives.

– Alex Holland, Senior Malware Analyst, HP Wolf Security threat research team, HP Inc.

Malvertising

In Q4 2022, HP found 24 popular software projects that were being imitated in malvertising attacks. These attacks were used to infect computers with eight malware families. The attacks rely on users clicking on search engine advertisements, which then lead to malicious websites. The websites look almost identical to the official websites and that is why these websites are very misleading to users.

“While techniques are evolving, hackers are still using techniques to manipulate users,” said Dr. Ian Pratt, Global Head of Security for Personal Systems, HP Inc. “Organizations must deploy good web security to mitigate the most common cyberattacks, such as phishing email, websites and restrict downloads. In addition, they will have to regularly warn their users to prevent them from sharing personal data on untrustworthy websites and thereby improve an organization’s security.”

HP Wolf Security performs high-risk tasks such as opening email attachments, downloading files, and opening links on micro-virtual machines (micro-VMs) to protect their users. HP’s application protection technology limits cyber-attacks that may slip through other security tools. It also offers unique insights into new hacking techniques and the behavior of criminals.

The full report is here to find.

[Fotocredits – nenetus © Adobe Stock]

- Advertisement -spot_imgspot_img
Latest news
- Advertisement -spot_img
Related news
- Advertisement -spot_img