Cybersecurity specialists at Barracuda Networks have detected a new wave of phishing attacks using QR codes. These attacks use advanced techniques to bypass conventional security defenses. These QR codes are made up of ASCII/Unicode characters instead of the usual static images, and use “Blob” Universal Resource Identifiers (URIs) to create hard-to-identify phishing pages.

In the last year, these attacks have increased considerably; Barracuda data indicates that approximately 1 in 20 mailboxes were attacked with QR codes in the last quarter of 2023. This type of phishing is a growing threat to organizations.

With the increasing sophistication of cybercrimes, it is crucial to implement multi-layered defense strategies, preferably based on artificial intelligence, to detect new threats, establish strong access and authentication controls, educate employees, and foster a robust security culture.

“QR code phishing attacks are on the rise, and as security tools adapt to detect and block them, attackers will try to deploy new techniques,” said Ashitosh Deshnur, threat analyst at Barracuda.

QR codes and cybercriminals

These QR codes, built with ASCII/Unicode blocks and designed for malicious activities, look like normal QR codes in emails. However, detection systems that rely on image scanning cannot identify malicious links embedded in them.

Using Binary Large Object URIs, or Blob, allows attackers to evade detection because this data comes from external URLs, causing traditional URL filtering and analysis tools to not initially recognize the content as malicious. Blob URIs are also difficult to track and analyze because they are created dynamically and can expire quickly.