Dark
Light

QR Code Campaign Targets Major Energy Firm – a new way to target grids

1 min read
294 views
smart grid, qr code, energy,

A major QR code phishing campaign has recently come to light, with a major US-based energy company serving as one of the main targets.

Since the campaign’s inception in May 2023, there has been a 2400 % increase in volume, highlighting the necessity of dealing with this new threat.

Cofense, a cybersecurity company, has been strongly observing this campaign. The company claimed in an advisory released on Wednesday that the energy sector behemoth was the target of over 29 % of the malignant emails, which totaled more than 1000. Manufacturing, insurance, technology, and financial services companies made up a combined 37 % of the attacks, which also affected other industries.

The attackers ‘ andnbsp’s method of operation entails sending emails that pass for Microsoft security alerts. Users are enticed to record QR codes in these emails in an effort to improve security measures by the PNG or PDF attachments.

According to user interaction requirements, QR codes have traditionally been thought of as a limited attack vector. However, destructive actors have cleverly used them to get around security precautions and increase the likelihood of productive phishing attempts.

According to My1Login CEO Mike Newman,” This is a caring campaign that shows how criminals are testing the use of QR codes to make phishing scams appear more realistic.”

Because QR codes won’t include the typical indicators that an email might be suspicious, such as spelling and language errors, people are more likely to fall for them when they receive these emails. Additionally, it’s a brand-new attack vector that most users probably are n’t aware of.

In actuality, the QR codes incorporated into the emails point users in the direction of ostensibly reasonable domains like Bing and Salesforce, which have been used as weapons to launch attacks.

Cofense suggested a multifaceted strategy to counteract this recent wave of assaults. As a first line of defense, using QR code scanners and image recognition technology can be useful, but user education is still crucial.

Not all security measures are able to spot destructive QR codes. Organizations that believe their security controls are adequate could face a serious risk if they are violated.

Therefore, encouraging staff to refrain from scanning QR codes from unwelcome emails can be crucial in protecting both business and personal security. Rapid adaptation and strong defenses are essential to fend off potential attacks as this campaign demonstrates the evolving strategies of cybercriminals.

Leo Portal

Leo is an expert in the field of smart city research and an overall tech-enthusiast with an emphasis on smart energy, IOT, smart homes and governance. After a master degree in international administration at the University of Gothenburg in Sweden, and a master in public management at Fudan University in China, he pursued research studies in the field of smart cities at the European University Institute. This led him to publish multiple articles on smart cities. Among them “Using Smart People to Build Smarter: How Smart Cities Attract and Retain Highly Skilled Workers to Drive Innovation (Belgium, Denmark, the Netherlands, Poland)” published in the Smart Cities and Regional Development Journal (SCRD) and “Establishing Participative Smart Cities: Theory and Practice”, also published in the SCRD Journal. He regularly audits and advises municipalities and regional governments on their smart city strategies. He is currently writing a chapter for Springer on smart mobility in French smart cities.

Leave a Reply

Your email address will not be published.

battery research, research development
Previous Story

The major challenges to address with battery R&D : Insights from EUROBAT

Next Story

Global IoT Trust Survey Reveals Security Concerns

Latest from News Feed

Don't Miss