An instance of a QR code constructed utilizing ASCII
Barracuda Networks
Attackers are impersonating reputable companies
In a single phishing instance demonstrated by Barracuda, attackers impersonated a service that supposedly despatched a payroll and advantages enrolment file that could possibly be accessed by scanning the QR code. In one other case, the attackers impersonated world delivery firm DHL and requested recipients to fill out a kind by scanning the QR code to finish an order as a result of the delivery deal with was supposedly lacking.
One would possibly suppose it could be simple to construct a detection rule for this by simply searching for blocks and half-blocks, nevertheless it’s not that easy. In response to the researchers, there are 32 distinct ‘block’ characters that embrace full blocks, partial blocks and quadrants they usually can additional be encoded inside emails utilizing HTML Entity, UTF-8 Encoding, or UTF-16 Encoding, creating 96 potential mixtures. And plenty of of them have reputable use circumstances, rising the chance of false optimistic detection.
“Moreover, within the case of HTML Entities, every ‘block’ can have a number of representations, and attackers can use single blocks or block mixtures to generate their ASCII/Unicode-based QR codes,” the researchers mentioned. “This all will increase the whole variety of potential mixtures and makes ASCII-based QR codes difficult to detect.”
