Insikt Group reports a surge in QR code phishing and AI-generated phishing targeting executives between Q4 2023 and Q1 2024, aided by AWS SNS smishing and VAST-based malvertising to bypass defenses and capture MFA tokens. The findings note a 433% rise in QR code phishing references and a 1,265% increase in AI-assisted phishing, with recommended mitigations spanning training, secure QR scanning, and vigilant device management.
#QRCodePhishing #Quishing #Tycoon2FA #Greatness #ChatGPT #AWSSNS #VAST #Malvertising
Keypoints
- QR code phishing (quishing) surged, with executives facing 42x more QR code attacks than other employees.
- AI-generated phishing emails are driving a large portion of the increase, enabled by large language models like ChatGPT.
- Threat actors use AWS Simple Notification Service (SNS) to automate smishing attacks via bulk SMS.
- VAST tags are employed for malvertising, delivering malicious links through video players that redirect to phishing pages.
- Phishing-as-a-service platforms Tycoon 2FA and Greatness have integrated QR codes to steal credentials and MFA tokens.
- Recommended mitigations include employee training, secure QR scanning apps, endpoint/mobile security, ML-based phishing detection, SMS filtering, and VAST tag validation.
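One way to implement the VAST tag validation listed among the mitigations, as an added example that is not taken from the Insikt Group report: it parses a VAST document and flags any URL the video player would load or open that is not HTTPS or not on an approved host list. The allowlisted hosts, the HTTPS-only policy and the sample tag are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Assumed policy: hosts this publisher expects in ad creatives (hypothetical names).
ALLOWED_HOSTS = {"ads.example.com", "cdn.example.com"}
# VAST elements whose text is a URL the player will fetch or open on click.
URL_TAGS = {"ClickThrough", "ClickTracking", "Impression", "MediaFile", "VASTAdTagURI"}

# Constructed sample tag: the click-through and the media file both violate the policy.
SAMPLE_VAST = """<VAST version="4.2"><Ad id="1"><InLine>
  <Impression><![CDATA[https://ads.example.com/imp?id=1]]></Impression>
  <Creatives><Creative><Linear>
    <VideoClicks><ClickThrough><![CDATA[https://login.example.net/verify]]></ClickThrough></VideoClicks>
    <MediaFiles><MediaFile type="video/mp4"><![CDATA[http://cdn.example.com/ad.mp4]]></MediaFile></MediaFiles>
  </Linear></Creative></Creatives>
</InLine></Ad></VAST>"""

def host_allowed(host, allowed):
    """True if host equals an allowed host or is a subdomain of one."""
    host = (host or "").lower().rstrip(".")
    return any(host == a or host.endswith("." + a) for a in allowed)

def validate_vast(xml_text, allowed=ALLOWED_HOSTS):
    """Return (tag, url, reason) findings; an empty list means the tag passed."""
    if "<!DOCTYPE" in xml_text.upper():  # refuse DTDs and entity tricks outright
        return [("document", "", "DOCTYPE not permitted")]
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        return [("document", "", f"malformed XML: {exc}")]
    findings = []
    for el in root.iter():
        tag = el.tag.rsplit("}", 1)[-1]  # drop any XML namespace prefix
        if tag not in URL_TAGS:
            continue
        url = (el.text or "").strip()
        try:
            parts = urlsplit(url)
            scheme, host = parts.scheme, parts.hostname  # hostname ignores userinfo
        except ValueError:
            scheme, host = "", None
        if scheme != "https":
            findings.append((tag, url, "scheme is not https"))
        elif not host_allowed(host, allowed):
            findings.append((tag, url, "host not on allowlist"))
    return findings
```

Wrapper tags (`VASTAdTagURI`) point at further VAST documents, so each fetched document needs the same check before it reaches the player.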
MITRE Techniques
- [T1566.001] Phishing: Spearphishing Link – QR codes direct users to phishing pages to steal credentials and MFA tokens. “QR codes to steal credentials and MFA tokens.”
- [T1189] Drive-by Compromise – VAST tags deliver malicious links through video players, redirecting victims to phishing pages. “VAST tags deliver malicious links through video players, redirecting victims to phishing pages.”
- [T1566.003] Phishing: Smishing – AWS SNS-based bulk malicious SMS delivery used to conduct smishing campaigns. “SNS Sender scripts enable bulk malicious SMS delivery.”
- [T1566] Phishing – AI-generated phishing emails created with LLMs to produce highly believable messages. “The rise of large language models… has almost certainly facilitated the creation of highly believable phishing emails that are devoid of grammatical errors.”
Indicators of Compromise
- [Domain] – RecordedFuture-related domains and hosts mentioned: recordedfuture.com, therecord.media, go.recordedfuture.com (examples of domains linked in the article and sources)
- [URL] – Example URLs cited as references or sources: https://www.recordedfuture.com/research/adversarial-intelligence-red-teaming-malicious-use-cases-ai, https://go.recordedfuture.com/hubfs/reports/cta-2024-0718.pdf
- [URL] – Source URL for the original post: https://www.recordedfuture.com/research/qr-code-and-ai-generated-phishing-proliferate
Read more: https://www.recordedfuture.com/research/qr-code-and-ai-generated-phishing-proliferate