Daily QR “Scan Scams” Phishing Users on their Mobile Devices

HP Ireland issued its latest quarterly HP Wolf Security Threat Insights Report, showing hackers are diversifying attack methods, including a surge in QR code phishing campaigns. By isolating threats on PCs and mobile devices that have evaded detection tools, HP Wolf Security has specific insight into the latest techniques being used by cybercriminals in the fast-changing cybercrime landscape. To date, HP Wolf Security customers have clicked on over 25 billion email attachments, web pages, and downloaded files with no reported breaches.

From February 2022, Microsoft began blocking macros in Office files by default, making it harder for attackers to run malicious code. Data collected by the HP Threat Research team shows that from Q2 2022, attackers have been diversifying their techniques to find new ways to breach devices and steal data. Based on data from millions of endpoints running HP Wolf Security, the research found:

—  The rise of QR scan scams: Since October 2022, HP has seen almost daily QR code “scan scam” campaigns. These scams trick users into scanning QR codes from their PCs using their mobile devices – potentially to take advantage of weaker phishing protection and detection on such devices. QR codes direct users to malicious websites asking for credit and debit card details. Examples in Q4 included phishing campaigns masquerading as parcel delivery companies seeking payment.

—  HP noted a 38% rise in malicious PDF attachments: Recent attacks use embedded images that link to encrypted malicious ZIP files, bypassing web gateway scanners. The PDF instructions contain a password that the user is tricked into entering to unpack a ZIP file, deploying QakBot or IcedID malware to gain unauthorised access to systems, which are used as beachheads to deploy ransomware.

—  42% of malware was delivered inside archive files like ZIP, RAR, and IMG: The popularity of archives has risen 20% since Q1 2022, as threat actors switch to scripts to run their payloads. This is compared to 38% of malware delivered through Office files such as Microsoft Word, Excel, and PowerPoint.

“We have seen a rise in scan scams, malvertising, archives and PDF malware recently, and we would encourage everyone to look out for emails and websites that ask to scan QR codes and give up sensitive data, as well as PDF files linking to password-protected archives. Being aware of the signs to watch out for is the first line of defense when it comes to detecting and eliminating any breaches, it ensures these threat actors don’t gain access to sensitive data and move throughout systems,” explains Val Gabriel, Managing Director of HP Ireland.

In Q4, HP also found 24 popular software projects imitated in malvertising campaigns used to infect PCs with eight malware families – compared to just two similar campaigns in the previous year. The attacks rely on users clicking on search engine advertisements, which lead to malicious websites that look almost identical to the real websites.

“While techniques evolve, threat actors still rely on social engineering to target users at the endpoint,” comments Dr Ian Pratt, Global Head of Security for Personal Systems, HP Inc.

“Organisations should deploy strong isolation to contain the most common attack vectors like email, web browsing and downloads. Combine this with credential protection solutions that warn or prevent users from entering sensitive details onto suspicious sites to greatly reduce the attack surface and improve an organisation’s security posture.”

HP Wolf Security runs risky tasks like opening email attachments, downloading files and clicking links in isolated, micro-virtual machines (micro-VMs) to protect users, capturing detailed traces of attempted infections. HP’s application isolation technology mitigates threats that might slip past other security tools and provides unique insights into novel intrusion techniques and threat actor behaviour.

The full report can be found here: https://threatresearch.ext.hp.com/hp-wolf-security-threat-insights-report-q4-2022/