One Article Review

Home - The article:
Source ProofPoint
Identifier 8422883
Publication date 2023-12-14 09:00:56 (seen: 2023-12-14 23:07:37)
Title Malicious QR Code Detection Takes a Giant Leap Forward
Text Proofpoint introduces inline, pre-delivery QR code detection engine to help protect against image-based QR code phishing attacks

QR code phishing, also known as quishing, is the latest attack hitting inboxes. This emerging threat is able to get around traditional email defenses and is forging a new way to deliver email attacks directly to users. Along with email phishing, executive impersonation, spear phishing and business email compromise (BEC), this threat has become one of the top concerns for security and IT teams.

In response, Proofpoint has launched new inline sandboxing capabilities to detect and stop suspicious QR code threats. Not only do we support behavioral and sandbox detection engines, but we also provide pre- and post-scanning for risky QR codes. When combined, these capabilities more accurately detect and better protect against this new threat vector. Most API-based email security tools rely on behavioral signals, which means they can only detect a suspicious QR code email after it has been delivered to the user's inbox. In contrast, Proofpoint stops attacks pre-delivery, so threats can never make it to users' inboxes.

In this blog post, we'll cover what you should know about QR code phishing and detection, and how Proofpoint can help.

Why QR codes?

When Microsoft disabled macros to prevent threat actors from exploiting them to deliver malware, threat actors started to test various new attack delivery techniques, such as QR codes. Used by marketers as a quick and easy way to connect with consumers and drive engagement, QR codes have become a part of our daily lives and are now used in retail stores, airline tickets, contactless menus and scan-to-pay, among many others.

While it's common knowledge that standard QR codes can be used in malicious ways, a recent Scantrust QR code survey found that “over 80% of US-based QR code users said that they think QR codes are safe.” It's this inherent trust of QR codes that threat actors depend on. That and the fact that QR codes do not expose malicious URLs make them very hard to detect with traditional email security tools.

What is QR code phishing?

A QR code scam is when a bad actor creates a QR code phishing campaign to trick a user into navigating to a malicious URL. This leads them to a malicious website that then harvests their credentials or downloads malware onto their device. These campaigns include payment scams, package scams, email scams and even donation scams during the holiday season. Because all QR codes look similar, users are easily fooled.

Figure 1: How a QR scam typically works.

Why are QR codes getting through?

Legacy email security providers and most API-based email security tools have a very difficult time detecting these attacks. That's because these tools scan email messages for known malicious links; they don't scan images for links that are hidden inside QR code images.

This attack method also creates a new security blind spot. QR codes are scanned by a separate device, like a smartphone, from where the email is delivered. And smartphones are less likely to have robust security protection, which is needed to detect and prevent these attacks. For this reason, it's essential that an email security tool detects and blocks QR code phishing emails before they reach users' inboxes. When messages are scanned post-delivery, like with API-based tools, there's a chance that users will get to them first, before they're clawed back.

Post-delivery-only detection risks

Post-delivery-only email security tools claim to “detect and block” QR code phishing emails, but they simply cannot. While they may “detect” a suspicious QR code email, it's only after the threat has been delivered to the user's inbox. Moreover, these tools do not sandbox suspicious QR codes. This means they have a high miss rate, which creates more risk for your company.

Besides creating more risk, they also create more work for your teams. By relying solely on behavioral anomalies, these tools
Sent Yes
Tags Malware Tool Threat Mobile Cloud
Stories
Notes ★★★


The article does not appear to have been picked up after its publication.


The article does not appear to be a follow-up to an earlier one.