QR Code phishing and MDO

QR code phishing campaigns have most recently become the fastest growing type of email-based attack. These types of attacks are growing and embed QR code images linked to malicious content directly into the email body, to evade detection. They often entice unwitting users with seemingly genuine prompts, like a password reset or a two-factor authentication request. Microsoft Defender for Office 365 is continuously adapting as threat actors evolve their methodologies. In this blog post we’ll share more details on how we’re helping defenders address this threat and keeping end-users safe.

It’s Friday and blog time

QR code phishing is difficult for security vendors to detect: there is little signal for ML detection because the message contains basically no text, the code may be embedded in attachments, and so on. It’s brilliant as an attack technique.

MDO and EOP detect QR codes inline in the mail flow, analyze the metadata, and send the URL behind the QR code to the sandbox.

All other attributes are also used for the final email verdict.
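To make the "low signal" problem concrete, here is an added triage sketch (not Microsoft's implementation and not code from the referenced post) that walks a message's MIME parts and flags mail that carries an image but almost no visible text, which is the point where a QR decoder and URL detonation would take over. The threshold, function names and sample message are assumptions constructed for illustration.

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage

MIN_TEXT_CHARS = 200  # assumed threshold; tune against your own mail flow

def build_sample(body="Scan to continue.", with_image=True) -> bytes:
    """Constructed message: short lure text plus one inline image."""
    msg = EmailMessage()
    msg["Subject"] = "Action required: re-enroll two-factor authentication"
    msg["From"] = "it-support@example.test"
    msg["To"] = "user@example.test"
    msg.set_content(body)
    msg.add_alternative(f'<p>{body}</p><img src="cid:qr1">', subtype="html")
    if with_image:
        # Placeholder bytes standing in for the QR image.
        html_part = msg.get_payload()[1]
        html_part.add_related(b"\x89PNG constructed", "image", "png", cid="<qr1>")
    return msg.as_bytes()

def triage(raw: bytes) -> dict:
    """Collect image parts and visible text length for one message."""
    msg = message_from_bytes(raw, policy=policy.default)
    text_chars, images = 0, []
    for part in msg.walk():
        if part.is_multipart():
            continue
        ctype = part.get_content_type()
        if ctype.startswith("image/"):
            images.append({
                "type": ctype,
                "inline": part.get_content_disposition() != "attachment",
                "cid": str(part["Content-ID"] or ""),
                "bytes": len(part.get_payload(decode=True) or b""),
            })
        elif ctype == "text/plain":
            text_chars += len(part.get_content().strip())
        elif ctype == "text/html":
            visible = re.sub(r"<[^>]+>", " ", part.get_content())
            text_chars += len(" ".join(visible.split()))
    # Little text plus an image: hand the image to a QR decoder, then
    # send any extracted URL to URL detonation (both outside this sketch).
    return {"text_chars": text_chars, "images": images,
            "needs_qr_scan": bool(images) and text_chars < MIN_TEXT_CHARS}

if __name__ == "__main__":
    print(triage(build_sample()))
```

The text count sums the plain and HTML alternatives, so the threshold should be chosen with that in mind.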

Statistics: Microsoft Defender for Office 365 and QR code phishing at scale

  • With the power of existing capabilities and robust tools we have built, many heuristics-based rules were released within minutes leading to ~1.5 million QR code phishing blocked in email body per day in the last several months! As the attack patterns evolve, new rules continue to get released and refined as needed.
  • The advanced detection technologies built to extract QR code related metadata (URL and text), have scanned more than 200 million unique URLs on average weekly, out of which more than 100 million came from QR codes.
  • Our advanced detection technologies have blocked more than 18 million unique phishing emails containing a QR code image in the email body on average weekly and around 3 million unique QR code phishing emails per day.
  • QR code phishing protection includes Commercial as well as Consumer emails. More than 96% of these are QR code phishing blocked by our technologies in Enterprise alone.

From: Protect your organizations against QR code phishing with Defender for Office 365 – Microsoft Community Hub

But even with all the great security in place, we still cannot patch the end users. User awareness training is critical for your data.

We recommend reading the full post: Protect your organizations against QR code phishing with Defender for Office 365 – Microsoft Community Hub

Happy Hunting
