二维码开发 19 年后,已从小众化的条形码替代品发展成为可促成数万亿美元金融交易的工具。它们连接了实体世界和数字世界。现在,它们被用来攻击关键基础设施。
正如我们在使用 URL 缩短器和嵌入式超链接时观察到的那样,令人混淆端点是诱骗人们点进恶意内容的有效方法。攻击者只需在二维码中嵌入恶意链接、发送电子邮件、使用社交工程技术,就能进行有效的
二维码网络钓鱼活动。
我们将向您介绍攻击者如何使用二维码来攻击组织,以及如何防止此类攻击。
二维码网络钓鱼:
一种新兴的攻击手段
一直以来,二维码都是网络犯罪分子针对企业和关键基础设施的罕见选择。然而,与直接在电子邮件中嵌入网络钓鱼链接相比,二维码具有多项优势。由于攻击者可以在 PNG 图像或 PDF 附件中嵌入 二维码,因此 二维码发送方法可以避开反恶意软件和垃圾邮件过滤器,从而有更大的机会进入目标收件箱。
虽然使用二维码进行网路钓鱼一开始似乎有悖常理——因为受害者必须使用手机的相机,扫描另一台设备上的二维码,才能使该计划发挥作用——但二维码在金融交易和2FA 中的盛行,创造了一种合法性和急迫性,可以让用户去扫描代码。此外,编码掩饰了它们导向的URL,使用户更难判断其合法性。
来源:链接
自 2023 年 5 月以来,最近的一次网络钓鱼活动通过放出一系列恶意二维码以从毫无戒心的使用者获取 Microsoft 帐户凭据。其中最引人注目的目标,是一家总部位于美国的著名能源公司。
然而,受到威胁的不仅仅是能源部门。金融、保险、制造和科技业的组织也一直处于威胁状态中。自发现有二维码网络钓鱼以来,这种形态的攻击已经达到超过 2,400%的惊人增长。
Disarm Malicious QR codes with Deep CDR™ Technology
QR code attacks exploit the fact that the human eye cannot read the encoded information. Consequently, users trust that the code will lead to the correct URL or carry out its intended function. OPSWAT Deep Content Disarm and Reconstruction (Deep CDR™ Technology] displays the human-readable URL encoded in the QR code, users can check the legitimacy of the URL before they scan.
A diagram depicting how Deep CDR™ Technology disarms threats in QR Code.
Attackers commonly use disguised or shortened URLs to deceive users. Deep CDR™ Technology can scan the URL with MetaDefender Cloud Safe URL Redirect to determine if it is malicious. If a URL is safe, users are directed to the location. If it's suspicious, they're alerted with a warning. You can configure Deep CDR™ Technology to work with any URL scanning service.
Since QR Codes are often image-based, they can hide threats using steganography. Deep CDR™ Technology can effectively mitigate these potential risks, as demonstrated here.
QR Code before and after Deep CDR™ Technology Sanitization. The image on the left has embedded code for a malicious QR code attack. The image on the right has been sanitized with MetaDefender Deep CDR™ Technology.
OPSWAT 守護二维码安全的最佳做法
The ubiquity and trust in QR codes have expanded the attack surface. However, awareness of the rising threat of QR code phishing and taking proper precautions can help users and businesses stay protected. Deep CDR™ Technology delivers advanced security to combat this emerging attack vector.
随着二维码使用量的持续增长,网路犯罪分子也更常利用其漏洞进行网路钓鱼和恶意软体活动。二维码网路钓鱼凸显了保持警惕的重要性,以及采用创新安全解决方案,来应对不断变化的威胁形势的必要性。
Deep CDR™ Technology's capabilities provide an adequate safeguard against QR code phishing by extracting and inspecting QR code contents to intercept attacks before they compromise devices and data. Combining enhanced awareness, secure practices, and advanced technology allows us to reap the convenience of QR codes while mitigating their risks.
