Daily QR “Scan Scams” Phishing Users on their Mobile Devices
March 16 2023 - 9:00AM
HP Inc. (NYSE: HPQ) today issued its latest quarterly HP Wolf
Security Threat Insights Report, showing hackers are diversifying
attack methods, including a surge in QR code phishing campaigns. By
isolating threats on PCs that have evaded detection tools, HP Wolf
Security has insights into the latest techniques being used by
cybercriminals in the fast-changing cybercrime landscape. To date,
HP Wolf Security customers have clicked on over 25 billion email
attachments, web pages, and downloaded files with no reported
breaches. Further HP Wolf Security insights will be featured at the
upcoming Amplify Partner Conference, March 28-30, McCormick Place
Chicago.
From February 2022, Microsoft began blocking macros in Office
files by default, making it harder for attackers to run malicious
code. Data collected by the HP Threat Research team shows that from
Q2 2022, attackers have been diversifying their techniques to find
new ways to breach devices and steal data. Based on data from
millions of endpoints running HP Wolf Security [1], the research
found:
- The rise of QR scan scams: Since October 2022, HP has seen almost daily QR
code “scan scam” campaigns. These scams trick users into scanning
QR codes from their PCs using their mobile devices – potentially to
take advantage of weaker phishing protection and detection on such
devices. QR codes direct users to malicious websites asking for
credit and debit card details. Examples in Q4 included phishing
campaigns masquerading as parcel delivery companies seeking
payment.
- HP noted a 38% rise [2] in malicious PDF attachments: Recent attacks use
embedded images that link
to encrypted malicious ZIP files, bypassing web gateway scanners.
The PDF instructions contain a password that the user is tricked
into entering to unpack a ZIP file, deploying QakBot or IcedID
malware to gain unauthorized access to systems, which are used as
beachheads to deploy ransomware.
- 42% of malware was delivered inside archive files like ZIP, RAR, and IMG:
The popularity of archives has risen 20% since Q1
2022, as threat actors switch to scripts to run their payloads.
This is compared to 38% of malware delivered through Office files
such as Microsoft Word, Excel, and PowerPoint.
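
Because an encrypted ZIP cannot be content-scanned, a gateway or mail filter can at least detect that an archive is encrypted and route it to quarantine. The Python sketch below is an added example, not code from HP or the report: it reads the encryption bit in the ZIP general-purpose flags. The function names, policy strings and the sample archive are assumptions constructed for illustration.

```python
import io
import struct
import zipfile

ENCRYPTED_FLAG = 0x1  # bit 0 of the ZIP general-purpose bit flag


def encrypted_members(data: bytes) -> list[str]:
    """Return the names of archive members whose header marks them encrypted."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return [i.filename for i in zf.infolist() if i.flag_bits & ENCRYPTED_FLAG]


def triage(data: bytes) -> str:
    """Hypothetical gateway policy: archives that cannot be scanned are held."""
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return "not-zip"
    if encrypted_members(data):
        return "quarantine: encrypted archive, contents cannot be scanned"
    return "scan contents"


def build_sample(encrypted: bool) -> bytes:
    """Constructed sample: a one-file ZIP, optionally with the encryption
    bit set in its headers (the payload itself is not really encrypted)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        zf.writestr("invoice.txt", "constructed sample content")
    raw = bytearray(buf.getvalue())
    if encrypted:
        # Flag field sits at offset 6 in the local file header and
        # offset 8 in the central directory header.
        for signature, offset in ((b"PK\x03\x04", 6), (b"PK\x01\x02", 8)):
            pos = raw.find(signature)
            (flags,) = struct.unpack_from("<H", raw, pos + offset)
            struct.pack_into("<H", raw, pos + offset, flags | ENCRYPTED_FLAG)
    return bytes(raw)


if __name__ == "__main__":
    for label, sample in (("plain", build_sample(False)),
                          ("encrypted", build_sample(True)),
                          ("pdf", b"%PDF-1.7 constructed")):
        print(label, "->", triage(sample))
```

The check reads only the central directory, so it works without the password; archives nested inside other containers would need to be unpacked first.
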
“We have seen malware distributors like Emotet try to work
around Office’s stricter macro policy with complex social
engineering tactics, which we believe are proving less effective.
But when one door closes another opens – as shown by the rise in
scan scams, malvertising, archives, and PDF malware,” explains Alex
Holland, Senior Malware Analyst, HP Wolf Security threat research
team, HP Inc.
“Users should look out for emails and websites that ask to scan
QR codes and give up sensitive data, and PDF files linking to
password-protected archives.”
In Q4, HP also found 24 popular software projects imitated in
malvertising campaigns used to infect PCs with eight malware
families – compared to just two similar campaigns in the previous
year. The attacks rely on users clicking on search engine
advertisements, which lead to malicious websites that look almost
identical to the real websites.
“While techniques evolve, threat actors still rely on social
engineering to target users at the endpoint,” comments Dr. Ian
Pratt, Global Head of Security for Personal Systems, HP Inc.
“Organizations should deploy strong isolation to contain the
most common attack vectors like email, web browsing and downloads.
Combine this with credential protection solutions that warn or
prevent users from entering sensitive details onto suspicious sites
to greatly reduce the attack surface and improve an organization’s
security posture.”
HP Wolf Security runs risky tasks like opening email
attachments, downloading files and clicking links in isolated,
micro-virtual machines (micro-VMs) to protect users, capturing
detailed traces of attempted infections. HP’s application isolation
technology mitigates threats and provides unique insights into
novel intrusion techniques and threat actor behavior.
The full report can be found here:
https://threatresearch.ext.hp.com/hp-wolf-security-threat-insights-report-q4-2022/
About the data
This data was anonymously gathered within HP Wolf Security
customer virtual machines from October-December
2022.
About HP
HP Inc. (NYSE: HPQ) is a global technology leader and creator of
solutions that enable people to bring their ideas to life and
connect to the things that matter most. Operating in more than 170
countries, HP delivers a wide range of innovative and sustainable
devices, services and subscriptions for personal computing,
printing, 3D printing, hybrid work, gaming, and more. For more
information, please visit: http://www.hp.com.
About HP Wolf Security
HP Wolf Security is a new breed of endpoint security. HP’s
portfolio of hardware-enforced security and endpoint-focused
security services are designed to help organizations safeguard PCs,
printers, and people from circling cyber predators. HP Wolf
Security provides comprehensive endpoint protection and resiliency
that starts at the hardware level and extends across software and
services. Visit
https://www.hp.com/uk-en/security/endpoint-security-solutions.html.
1 HP Security is now HP Wolf Security. Security features vary by
platform, please see product data sheet for details.
2 As detailed in page 2 of the HP Wolf Security Q4 Threat Insights Report
Media Contacts
Vanessa Godsal
HP Media Relations
vgodsal@hp.com