August 28, 2024 at 03:03AM
Cybersecurity researchers have identified a new QR code phishing campaign using Microsoft Sway to host fake pages, exploiting legitimate cloud services. These attacks have targeted users in Asia and North America, particularly in technology, manufacturing, and finance sectors. The phishing tactic involves tricking users into scanning QR codes to steal Microsoft 365 credentials. Attackers are now using Unicode QR codes, posing a significant challenge to traditional security measures.
Key Takeaways from the Meeting Notes:
– Phishing attacks leveraging QR codes and Microsoft Sway infrastructure to host fake pages have been observed by cybersecurity researchers. The attackers use legitimate cloud applications to gain credibility and persuade victims to trust the content they serve.
– The attacks have primarily targeted users in Asia and North America, particularly in the technology, manufacturing, and finance sectors.
– A 2,000-fold increase in traffic to unique Microsoft Sway phishing pages has been observed since July 2024, with the goal of stealing users’ Microsoft 365 credentials by serving bogus QR codes that, when scanned, redirect users to phishing websites.
– Some quishing campaigns have been observed to use Cloudflare Turnstile to evade static analysis efforts and hide the domains from static URL scanners.
– Adversary-in-the-middle (AitM) phishing tactics, using lookalike login pages to siphon credentials and two-factor authentication (2FA) codes, have been observed in these attacks.
– The use of QR codes poses challenges to defenders as they bypass email scanners that can only scan text-based content and make users more vulnerable, particularly on less secure mobile devices.
– Microsoft Sway has been previously abused in phishing attacks, including the PerSwaysion campaign in April 2020.
– Attackers have started crafting QR codes using Unicode text characters instead of images, presenting a significant challenge to conventional security measures. This new technique, referred to as ‘Unicode QR Code Phishing,’ bypasses detections designed to scan for suspicious images.
These takeaways provide a comprehensive understanding of the nature and sophistication of the phishing attacks, highlighting the need for vigilance and proactive measures to counter such threats.