This Password Hack Jumps From Laptop To Smartphone — Attacks Underway

Posted by Davey Winder, Senior Contributor | 7 hours ago


Your passwords are under attack. It really is as simple as that. I mean, it’s not surprising when 98.5% fail the most basic password hacking test, and cross-service password reuse just adds fuel to the credentials attack fire. Behind much of this barrage of threat actor activity lies one tactic: phishing. One newly analysed and ongoing password hacking campaign, given the name Scanception by security researchers, uses a transitional tactic to switch the attack from your laptop to your smartphone, which is likely to have much less protection. Here’s what you need to know.


The Scanception Password Hack Attack Explained

At the heart of the Scanception password hack campaign, as analyzed by the Cyble Research & Intelligence Labs team, is an old friend of the Forbes cybersecurity section, quishing. Oh my goodness, I just used that awful word, didn’t I? QR code phishing, to be a little longer-winded but much less cheesy, is where the scanning of a QR code takes the unsuspecting user to a malicious site where harm can be done. That might be by way of malware downloads, including infostealers, or more straightforward credential theft involving a cloned account login page.

“The attack chain typically begins with a phishing email containing a PDF lure that urges recipients to scan an embedded QR code,” the Cyble report said, noting this technique “effectively bypasses traditional email security and endpoint protection controls by shifting the attack surface to unmanaged personal mobile devices.”

In the space of just 12 short weeks, the threat actors behind the Scanception campaign, which is very much still active, ongoing and evolving, have used at least 600 unique PDF document lures, and Cyble reported that “nearly 80% of the quishing PDFs we observed had zero detections on VirusTotal.”

The attack has so far targeted a broad sweep of users across North America, EMEA and APAC regions, and high-value industries appear to be favored by the threat actors behind the campaign. These include tech, healthcare, manufacturing and financial sectors. Rather cleverly, the attackers have embedded the malicious QR code at the very end of a four-page PDF that appears legitimate, no doubt intending to evade those detection methods that only scan the start of a document rather than the whole thing. To scan the QR code and access the further information it promises, the user must use their smartphone camera, thereby shifting the attack from the laptop to the phone.


Mitigating The Scanception Password Hack Attacks

The Cyble Research & Intelligence Labs team recommended the following mitigation measures:

  • The deployment of email security solutions that are able to inspect both attachments and, importantly, embedded QR codes.
  • Expanding security protections beyond the network perimeter.
  • Monitoring for malicious domains and URLs.
  • Emphasizing the dangers of QR-based attacks to staff.
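
To show why inspecting the whole attachment matters when the QR code sits on the last page, here is an added example (not code from Cyble or from this article) of a mail-gateway triage check. It assumes an upstream step has already rendered each PDF page and decoded any QR codes; the function names, the allowlist and the sample data are hypothetical.

```python
import re
from urllib.parse import urlsplit

# Assumption: pages[i] holds the QR payload strings decoded from page i+1 by
# whatever renderer and QR decoder the gateway already uses.
BARE_HOST = re.compile(r"^[a-z0-9-]+(\.[a-z0-9-]+)+(:\d+)?(/|$)", re.I)

def qr_host(payload):
    """Return the lowercase host a QR payload would open, or None if it is not a web URL."""
    text = payload.strip()
    if "://" not in text:
        # Phone cameras open bare "host/path" payloads as links; WIFI:, tel:,
        # mailto: and plain text do not match and are ignored.
        if not BARE_HOST.match(text):
            return None
        text = "https://" + text
    try:
        parts = urlsplit(text)
    except ValueError:
        return None
    if parts.scheme not in ("http", "https"):
        return None
    return parts.hostname  # already lowercased, without port or userinfo

def is_allowed(host, allowed_hosts):
    """True if host is an allowlisted domain or one of its subdomains."""
    return any(host == a or host.endswith("." + a) for a in allowed_hosts)

def triage_pdf(pages, allowed_hosts, page_limit=None):
    """Return (page_number, host) for each QR URL that leaves the allowlist.
    page_limit=None inspects every page; page_limit=1 models a scanner that
    only looks at the start of the document."""
    findings = []
    for number, payloads in enumerate(pages[:page_limit], start=1):
        for payload in payloads:
            host = qr_host(payload)
            if host and not is_allowed(host, allowed_hosts):
                findings.append((number, host))
    return findings

# Constructed sample: a four-page PDF whose only link-bearing QR code is on page 4.
SAMPLE_PAGES = [[], ["WIFI:S:guest;;"], [], ["https://login-check.example.net/session"]]
ALLOWED = {"example.com"}

if __name__ == "__main__":
    print("first page only:", triage_pdf(SAMPLE_PAGES, ALLOWED, page_limit=1))
    print("whole document: ", triage_pdf(SAMPLE_PAGES, ALLOWED))
```

A message whose attachment produces any finding can then be held for review or have its QR destination checked against domain and URL monitoring before delivery.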


