According to Magni Sigurðsson, Senior Manager of Detection Technologies at Cyren, consumers and businesses should be on the look-out for QR code attacks. Sigurðsson outlines the growing problem to Digital Journal.
A QR code (an initialism for Quick Response code) is a type of matrix barcode (or two-dimensional barcode) used to access various services. The use of QR codes has seen an increase during the coronavirus pandemic. This includes the use of QR codes to show one’s vaccine status.
According to Sigurðsson: “Cybercrime has long operated as a dark mirror to the legitimate business world, and threat actors have always been adept at incorporating technological trends into their attacks.”
This means the use of QR-code hacking is perhaps unsurprising.
Sigurðsson continues: “The latest example is the resurgence of the QR code. This often-overlooked technology has been around for decades, but has returned to prominence over the last two years due to the COVID-19 pandemic. The scannable software is well-suited to delivering information in a COVID-safe fashion at set locations, and we have seen an increase in its use online as well.”
Jumping on the coronavirus pandemic bandwagon has been a common tactic among wrongdoers. Sigurðsson outlines why QR-codes have attracted interest: “Unsurprisingly, the cybercriminal community wasted little time taking advantage of this trend, evidenced by the increased number of attacks exploiting QR codes. As the software becomes more mainstream in marketing and sales activity over the next year, we anticipate attacks that utilize the tool to follow suit.”
Hackers also seek things that are in vogue, notes Sigurðsson: “QR code attacks are the latest example of attackers adapting their techniques to mirror popular technology trends, as well as finding new ways to evade security measures.”
We can expect the trend to continue, warns Sigurðsson. He states: “As QR codes gain in popular use over the next year, we can anticipate more attacks exploiting the medium. We have already seen QR attacks across multiple industries, and threat actors are also likely to begin using these techniques to target businesses as well as individual consumers.”
Sigurðsson’s final warning runs: “The use of QR codes ties into the wider movement towards mobile attacks, and we anticipate an increased use in SMS phishing as threat actors seek to evade desktop-based security.”