The QR codes built with text-based so-called ASCII/Unicode blocks look like regular QR codes in an e-mail message, but to a detection system based on image scanning they appear bland. This means that security tools that rely solely on image scanning cannot determine whether a malicious link is embedded in the code.
- You should always be careful when scanning QR codes. Because while they have made our daily lives easier, they have also opened new doors for cybercriminals. As attacks become more sophisticated, having an AI-based defense becomes increasingly important. It is also important to set up robust access and authentication controls, train employees and promote a strong security culture to be able to detect new scorching, comments Peter Graymon, responsible for Barracuda Networks in the Nordics.
By using so-called Blob-URIs (Universal Resource Identifiers), the attackers can also make it more difficult for security systems to detect QR code phishing attacks. Because Blob URIs do not retrieve information from regular URLs, traditional tools that check and block malicious links may have difficulty recognizing the threat. In addition, they can be difficult to track and analyze because they are created quickly and can disappear just as quickly.
– As security tools evolve to detect and block QR code-based attacks, the attackers try to find alternative routes. The new generation of QR code-based phishing methods have been developed to evade detection by making it impossible for image scanning tools to read the code or by making it difficult for detection systems to identify and block malicious content, said Ashitosh Deshnur, security analyst at Barracuda.
Read more here"
English 
Svenska