Microsoft Sway target of new QR code phishing campaign that steals credentials


Cybersecurity researchers are warning the public about a new wave of QR code phishing, often called quishing, that hosts fake websites using Microsoft Sway infrastructure.

Cybersecurity researchers are warning of a new QR code phishing (quishing) campaign that uses Microsoft Sway infrastructure to host phony pages, underscoring how trusted cloud services are misused for malicious purposes. “By using legitimate cloud applications, attackers provide credibility to victims, helping them to trust the content it serves,” said Netskope Threat Labs researcher Jan Michael Alcantara. In addition, because a victim opens the Sway page while already logged in to their Microsoft 365 account, the page can seem all the more legitimate. Sway content can also be shared as a link (URL or visual) or embedded in a website using an iframe.

The attacks have mostly targeted the technology, manufacturing, and finance sectors, with a focus on users in North America and Asia. Microsoft Sway is a cloud-based application for creating documentation, presentations, and newsletters, and has been part of the Microsoft 365 product line since 2015. According to the cybersecurity company, traffic to specific Microsoft Sway phishing URLs increased 2,000-fold starting in July 2024. The ultimate goal of the campaign is to steal users’ Microsoft 365 credentials: fake QR codes hosted on Sway lead visitors to phishing websites when scanned.

Some of these quishing campaigns have been seen using Cloudflare Turnstile to hide the phishing domains from static URL scanners. The operation is also notable for its use of adversary-in-the-middle (AitM) phishing, also known as transparent phishing: phony login pages capture the victim's password and two-factor authentication (2FA) codes while simultaneously attempting to log the victim into the real service. “Defenders face certain challenges when victims are redirected to phishing websites via QR codes,” Michael Alcantara stated. “Since the URL is embedded inside an image, email scanners that can only scan text-based content can get bypassed.”

“A user may also scan a QR code with a different device, such as their smartphone, if they receive one. Victims are frequently more susceptible to abuse because security measures on mobile devices—especially personal cell phones—are frequently less strict than those on laptops and desktop computers.”

Phishing campaigns have abused Microsoft Sway before. In April 2020, Group-IB published details of a campaign called PerSwaysion, which used Sway as a springboard to send victims to credential harvesting websites, compromising the corporate email accounts of at least 156 high-ranking officers at different companies with locations in Germany, the U.K., the Netherlands, Hong Kong, and Singapore.

The development comes as quishing operations grow more sophisticated in response to security vendors building countermeasures that identify and block such image-based threats. According to SlashNext CTO J. Stephen Kowski, “attackers have now started crafting QR codes using Unicode text characters instead of images—a clever twist.” “This new technique, which we’re calling ‘Unicode QR Code Phishing,’ presents a significant challenge to conventional security measures.”

Because the attack uses only text characters instead of images, it completely evades detections designed to look for suspicious images, which is what makes it so dangerous. Moreover, Unicode QR codes can render flawlessly on screen yet look very different when viewed as plain text, which further complicates detection.
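Since image-based detections never see a QR code drawn with text, a text-side check is needed. The following is an added example, not code from SlashNext, Netskope or this article: a heuristic that flags regions of a message body made up of Unicode Block Elements glyphs. The thresholds and the sample body are assumptions constructed for illustration.

```python
# Heuristic detector for QR codes drawn with Unicode block characters.
# Added example; thresholds are assumptions, not values from any vendor.
BLOCKS = {chr(c) for c in range(0x2580, 0x25A0)}  # Unicode "Block Elements"
FILLER = {" ", "\u00a0"}                           # light modules are often spaces

MIN_WIDTH = 21     # smallest QR symbol (version 1) is 21 modules wide
MIN_ROWS = 10      # half-block glyphs pack two module rows per text line
MIN_DENSITY = 0.9  # share of a line that must be block or filler characters


def is_qr_row(line: str) -> bool:
    """True if the line looks like one row of a text-rendered QR symbol."""
    core = line.strip()
    if len(core) < MIN_WIDTH:
        return False
    blocks = sum(ch in BLOCKS for ch in core)
    grid = blocks + sum(ch in FILLER for ch in core)
    # Box-drawing tables (U+2500-257F) and ordinary prose fail the block count.
    return blocks >= MIN_WIDTH // 3 and grid / len(core) >= MIN_DENSITY


def find_unicode_qr(text: str):
    """Return (first_line, rows, width) per QR-like region; lines are 1-indexed."""
    hits, start, widths = [], None, []
    # The trailing empty string is a sentinel that flushes a run ending at EOF.
    for i, line in enumerate(text.splitlines() + [""], start=1):
        if is_qr_row(line):
            start = start or i
            widths.append(len(line.strip()))
            continue
        if start and len(widths) >= MIN_ROWS:
            hits.append((start, len(widths), max(widths)))
        start, widths = None, []
    return hits


def sample_body() -> str:
    """Constructed sample: lure text plus a synthetic, non-scannable block grid."""
    glyphs = "\u2588\u2580\u2584 "  # full block, upper half, lower half, space
    grid = ["\u2588" + "".join(glyphs[(3 * r + 5 * c + r * c) % 4]
                               for c in range(21)) + "\u2588"
            for r in range(11)]
    return "\n".join(["Your mailbox storage is full.", "Scan to re-validate:", ""]
                     + grid + ["", "IT Service Desk"])


if __name__ == "__main__":
    print(find_unicode_qr(sample_body()))
```

A hit is a reason to render the region to a bitmap and pass it to the same QR decoding and URL reputation checks used for image attachments, not a verdict on its own.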
