Security Challenges Rise as QR Code and AI-Generated Phishing Proliferate

Summary

Between Q4 2023 and Q1 2024, cybercriminals increasingly used QR codes and AI-generated phishing tactics to target executives, exploiting AWS SNS for malicious SMS and VAST tags for malvertising. These sophisticated methods enable threat actors to bypass security measures, capture multi-factor authentication (MFA) tokens, and deceive users more effectively. The report highlights a 433% increase in references to QR code phishing and a 1,265% rise in phishing attacks potentially linked to AI tools like ChatGPT. To protect against these threats, organizations should increase employee training, deploy advanced security tools, and ensure oversight of corporate and personal devices.

Security Challenges Rise as QR Code and AI-Generated Phishing Proliferate

Phishing threats continue to evolve as cybercriminals adopt innovative techniques. Between Q4 2023 and Q1 2024, Insikt Group's research reveals a surge in QR code and AI-generated phishing attacks targeting executives and leveraging sophisticated methods to bypass security measures.

QR code phishing, also known as "quishing," involves using manipulated or fake QR codes for malicious purposes. This technique has become prevalent, with a 433% increase in QR code scans between 2021 and 2023. Phishing-as-a-service platforms like Tycoon 2FA and Greatness now incorporate QR codes to steal credentials and MFA tokens. Executives are particularly targeted, receiving 42 times more QR code attacks than other employees due to their broader access to company resources.

The rise of large language models (LLMs) like ChatGPT has almost certainly facilitated the creation of highly believable phishing emails that are devoid of grammatical errors, more convincing, and harder to detect. Threat actors can generate 1,000 phishing emails in under two hours for as little as $10, with LLMs likely contributing to a 1,265% increase in phishing attacks. Threat actors have also started using Amazon Web Services (AWS) Simple Notification Service (SNS) to automate smishing attacks and Video Ad Serving Templates (VAST) tags for malvertising. These methods allow cybercriminals to scale their operations and evade detection. SNS Sender scripts enable bulk malicious SMS delivery, while VAST tags deliver malicious links through video players, redirecting victims to phishing pages.

Mitigations

To counter these evolving threats, organizations should implement several measures:

1. Employee Education: Regular training and phishing simulations, including QR code-based scenarios, can help users identify and report suspicious activities.
2. Secure QR Code Scanning Apps: Use QR code scanning apps with security features like URL filtering to detect malicious codes.
3. Endpoint Security Solutions: Enhance mobile device security with comprehensive endpoint security solutions and MDM systems.
4. Advanced Machine Learning Detection: Employ advanced ML systems for detecting AI-generated phishing emails.
5. SMS Filtering Technology: Use SMS filtering to identify and block malicious SMS messages.
6. VAST Tag Validation: Validate VAST tags before integration to detect malicious content.

The future of cybersecurity will likely see continued use of QR code phishing, AWS SNS smishing, and VAST tags malvertising due to their effectiveness in bypassing security measures. However, as security solutions evolve and user awareness improves, the popularity of these techniques may decline. Meanwhile, the increasing use of LLMs for phishing is expected to persist, making it essential for organizations to stay ahead with advanced security measures and continuous employee education.

To read the entire analysis, click here to download the report as a PDF.