Security News > 2021 > April > QR Codes Offer Easy Cyberattack Avenues as Usage Spikes

"Early in the pandemic, restaurants were using QR codes as menus or payment options, but as the pandemic continued throughout 2020, consumers used QR codes more frequently for practical things like visiting a doctor's office or picking up a prescription," according to Ivanti's report, issued on Wednesday.

"Meanwhile, social activities like dining out or enjoying a drink at a bar saw QR code usage decrease in that six-month period. Even offices and places of work saw an increase in usage going from 11 percent to 14 percent, emphasizing the shift in how QR codes have been used during the pandemic."

In terms of how real-world attacks are carried out, Goettl noted that hackers have been known to create adhesive labels with malicious QR codes and paste them over legitimate QR codes, allowing them to intercept or sit in the middle of transactions and capture payment information.

Hackers commonly leverage QR codes for phishing and malware attacks, he noted Malicious QR codes can direct users to legitimate-looking websites designed to steal credentials, credit-card data, corporate logins and more; or to sites that automatically download malicious software onto mobile devices.

Users should be wary of QR codes in public places that look like they've been hastily pasted or taped up, potentially replacing a legitimate QR code.

"QR codes have become so commonplace that people have become very relaxed to scanning them. The greater reliance on QR codes there is, the greater the likelihood that malicious QR codes will succeed as the avenue for installing malicious code, ransomware, or releasing contact or payment information from the mobile device."

News URL

https://threatpost.com/qr-codes-cyberattack-usage-spikes/165526/