Intelligent CISO Issue 83 | Page 21

CYBER TRENDS
Give some extra time to younger employees
This isn't because they're naïve – they're probably more tech-smart than us in many ways. But they suffer far more from notification and alert fatigue than their older colleagues. That's thanks in great measure to those endless (and seemingly meaningless) cookie acceptance buttons, which have trained an entire generation to mindlessly tick, click and wave through pop-ups and other notifications without giving them due attention.
Check in with reception staff and anyone else responsible for opening or distributing mail
Are they routinely included in your cybersecurity training? Have they heard about quishing, and do they routinely weed out any leaflets, flyers and envelopes with QR codes on them? If they are responsible for opening the mail, do they flag and/or check any mail containing QR codes? If you use a digital mailroom or outsource mail centre operations, are you confident they are trained to spot potential quishing attacks?
Check your tech stack
Email filtering, URL filtering and endpoint protection all protect staff from quishing attacks at various stages – so it's vital to keep each of them up to date. Email filtering can block phishing emails with suspect QR codes before they reach their intended recipient. URL filtering can prevent potential victims from opening known malicious links hidden behind QR codes if the mail does get through.
If the user still manages to open a malicious link, endpoint protection can prevent QR codes from launching malware attacks or other harmful actions. Finally, if you suspect you've fallen victim to an attack, virus scanners and checkers can help identify and remove active and dormant malware.
Remember that your phone is your friend
These days, every QR reader app on every phone allows you to look at the link before you click it. So remind everyone in your organisation to do just that each time they come face to face with a QR code in any situation – not just in the office. It's the same principle as double-checking a link in a potential phishing email and not clicking it if it looks wrong. A malicious URL will still look like a malicious URL when you review it in your QR code reader. So always check!
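The "look before you click" check described above, applied to URLs decoded from QR codes, as an added example that is not from the article. The allowlisted domains, the shortener list and the sample payloads are constructed; the verdict tiers (trusted, review, block) are this example's own convention.

```python
"""Triage a URL decoded from a QR code before anyone follows it.

Added example (not from the article). TRUSTED_DOMAINS is a hypothetical
organisation allowlist; SAMPLE_PAYLOADS are constructed test inputs.
"""
import ipaddress
from urllib.parse import urlsplit

# Hypothetical: domains this organisation itself publishes QR codes for.
TRUSTED_DOMAINS = {"example-corp.com"}

# Public shorteners hide the real destination, so they always need a human look.
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co", "is.gd"}

# Constructed payloads, as a QR reader would display them before opening.
SAMPLE_PAYLOADS = [
    "https://intranet.example-corp.com/visitor-wifi",
    "http://192.0.2.10/login",
    "https://bit.ly/3abcXYZ",
    "https://example-corp.com@198.51.100.7/",
    "https://example-corp.com.login-portal.test/",
]


def _is_ip(host: str) -> bool:
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def triage_qr_url(payload: str) -> tuple[str, list[str]]:
    """Return ('trusted' | 'review' | 'block', reasons) for one decoded URL."""
    parts = urlsplit(payload.strip())
    scheme, host = parts.scheme.lower(), (parts.hostname or "").lower()
    findings = []  # (severity, human-readable reason)
    if scheme not in ("http", "https"):
        findings.append(("block", f"unexpected scheme {scheme or 'none'!r}"))
    elif scheme == "http":
        findings.append(("review", "unencrypted http link"))
    if "@" in parts.netloc:  # 'trusted.com@real-host' disguises the real host
        findings.append(("block", "user@host trick can disguise the real host"))
    if _is_ip(host):
        findings.append(("block", "raw IP address instead of a domain name"))
    if any(label.startswith("xn--") for label in host.split(".")):
        findings.append(("review", "punycode label, possible look-alike domain"))
    if host in SHORTENERS:
        findings.append(("review", "URL shortener hides the real destination"))
    if findings:
        verdict = "block" if any(s == "block" for s, _ in findings) else "review"
        return verdict, [r for _, r in findings]
    if any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS):
        return "trusted", []
    return "review", ["domain not on the organisation allowlist"]
```

Note that the last sample passes every syntactic check and is still only "review": a look-alike domain is caught by the allowlist, not by its appearance.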
Caution , judgement and personal responsibility
As I said at the start, QR codes are everywhere. Their ubiquity is one of the cybercriminal's biggest weapons. Furthermore, people don't expect QR codes to expose them to malicious URLs. You'd trust a QR code on a car park sign, at a music festival, in an art gallery, or in a message from your friend, wouldn't you?
Unfortunately, this attitude has to change. We need to treat QR codes with the same degree of suspicion and cynicism as email links – and apply the same criteria for trust. So, next time you're presented with a QR code, ask yourself if you trust the person or organisation supplying it. And if you're in any doubt, don't click on it.
Conclusions
Phishing attacks yield high rewards. So, even though cybersecurity defences have got much better at weeding out phishing emails before they reach their intended victims, cybercriminals aren't going to give up easily. Quishing attacks form part of a wider strategy to find more creative and inventive techniques to bypass these defences and reach their victims. Other examples include attacks delivered via messaging and video conferencing apps – and attacker-in-the-middle/impersonation token attacks, which seek to outmanoeuvre multifactor authentication techniques.
Despite these changes, the end goal remains roughly the same: extract credentials or plant malware. The key lesson from the rise in quishing attacks is that we must never become complacent about cybersecurity and threat mitigation. New attacks will arrive, and we need to be ready for them. As such, we should expect – and require – our processes, procedures, systems and training to evolve so our employees and organisations remain safe.
Certified interoperability with on-premise and cloud apps will also become increasingly important .