SlashNext, the leader in SaaS-based Integrated Cloud Messaging Security across email, web, and mobile, announced the release of QR Code Phishing Protection to stop Quishing, QRLJacking and other scams distributed via malicious QR codes. SlashNext’s QR Code Phishing Protection is the first security solution to offer multi-channel Quishing protection that blocks malicious QR codes in email, mobile, web and messaging channels such as Slack, iMessage, Microsoft Teams, and more.
The use of QR codes in cyberattacks has grown dramatically in the wake of widespread adoption of QR codes during the pandemic for legitimate, contact-free purposes. Unlike other security solutions that aim to address Quishing (QR code phishing) and QRLJacking (QR code login jacking), SlashNext’s solution leverages both its patent-pending computer vision and a new QR code natural language processing (NLP) classifier and protects users from more than just credential Quishing. Its ability to detect malicious intent in both the QR code itself as well as the accompanying message makes it the most comprehensive and accurate protection against QR-code based attacks.
“In recent months, Quishing and QRLJacking have contributed to the huge growth we have observed in phishing,” said Patrick Harr, CEO, SlashNext. “As a security company focused on phishing protection, we dedicate resources to continuously observe attack patterns, technology innovations leveraged by cybercriminals, and overall trends in the security landscape in order to anticipate and proactively address emerging threats. We are pleased to extend this critical protection to all existing and new customers.”
Also Read: Liongard Forges Industry Partnerships to Power Continuous Cybersecurity Posture Management
In October 2023, SlashNext Threat Labs published a blog post detailing how threat actors leverage QR codes for various attacks and breach attempts. Quishing, a blend of QR code and phishing techniques, manipulates QR codes for nefarious purposes. With Quishing, the attacker generates a QR code embedded with a phishing link or malware download and then distributes the QR code to victims via phishing emails, digital ads, social media, or even posters in common areas. Believing the QR code came from a legitimate source, a victim scans the QR code with their mobile phone camera.
QRLJacking is a social engineering method that exploits the “login with QR code” feature available on many legitimate apps and websites and is leveraged by bad actors to gain full control of victims’ accounts.
“Without proper protection, it is nearly impossible for the average user to distinguish a legitimate QR code from a malicious code,” continued Harr. “It is unreasonable to expect employees and everyday users to avoid QR codes altogether when they are quickly becoming ubiquitous in many legitimate service industries and for login purposes. However, the cybercriminals know this as well, which is why we will only see increased reliance on Quishing and QRLJacking as attack techniques.”
SOURCE: PRNewswire