• Services
    • Asses
      • Compromise Assessment
      • APT Assessment
      • Penetration Testing
      • Secure Architecture Design & Review
      • Red Team Assessment
      • Purple Team Assessment
      • Social Engineering
      • Source Code Review
    • Transform
      • SOC Consultancy
      •     SOC Maturity Assessment
      •     SOC Model Evaluation
      •     SOC Gap Analysis
      •     SIEM Gap Analysis
      •     SIEM Optimization
      •     SOC Content Pack
    • Train
      • Security Awareness and Training
      • Tabletop Exercise
      • Simulated Cyber Attack Exercises
    • Respond
      • Incident Response
      • Incident Analysis
  • Managed Security
    • Managed Security Monitoring
      • Remote SOC
      • Onsite SOC
      • Hybrid SOC
    • Managed Security Services
      • Managed Detection and Response
      • Managed Endpoint Detection and Response
      • Managed Threat Intelligence
      • Managed Threat Hunting
      • Managed Risk-Based SOAR
      • Managed Penetration Testing
  • Solutions
  • Resources
    • Blog
    • Threat Advisory
  • Company
    • About Us
    • Careers
    • Contact
Rewterz Threat Alert – Sodin Ransomware Exploits Windows Vulnerability and Processor Architecture
July 4, 2019
Rewterz Threat Alert – OUTLOOK VULNERABILITY Exploited by Threat Actors
July 4, 2019

Rewterz Threat Alert – Phishing Campaign Exploits QR Codes To Bypass Security Controls

July 4, 2019

Severity

Medium

Analysis Summary

A new phishing campaign used to trick users. This campaign exploits QR codes to evade security measures. The new phishing campaign makes use of QR Codes instead of the conventional method of using malicious URLs. This technique aids the attackers to elude URL analysis by various products.

The phishing attack begins after an email with the subject line “Review Important Document” reaches the victim’s mailbox. The email appears as a usual SharePoint email, which bears a QR code in the message body. The recipient then needs to scan the QR code to view the supposed document.

image-1562237986.jpg

This embedded image with the QR code actually contains the URL to the malicious site. When the victim scans this code via their smartphone, the URL then opens on the victim’s smartphone. (Most recent smartphones directly open web links in the default phone browser.) The victim then sees a fake SharePoint website asking to log in via AOL, Microsoft, or any other account.

image-1562238085.jpg

And this is it. When the user enters their login credentials, the attackers seamlessly get the username and password to misuse in any preferred manner.

Impact

  • Credential theft
  • Exposure of sensitive information

Indicators of Compromise

Email Subject

Review Important Document

Remediation

  • Always be suspicious about emails sent by unknown senders.
  • Never click on the link/ attachments sent by unknown senders.
  • Services
    • Asses
      • Compromise Assessment
      • APT Assessment
      • Penetration Testing
      • Secure Architecture Design & Review
      • Red Team Assessment
      • Purple Team Assessment
      • Social Engineering
      • Source Code Review
    • Respond
      • Incident Response
      • Incident Analysis
  • Transform
    • SOC Consultancy
    •     SOC Maturity Assessment
    •     SOC Model Evaluation
    •     SOC Gap Analysis
    •     SIEM Gap Analysis
    •     SIEM Optimization
    •     SOC Content Pack
  • Train
    • Security Awareness and Training
    • Tabletop Exercise
    • Simulated Cyber Attack Exercises
  • Managed Security
    • Managed Security Monitoring
      • Remote SOC
      • Onsite SOC
      • Hybrid SOC
    • Managed Security Services
      • Managed Detection and Response
      • Managed Endpoint Detection and Response
      • Managed Threat Intelligence
      • Managed Threat Hunting
      • Managed Risk-Based SOAR
      • Managed Penetration Testing
  • Solutions
  • Resources
    • Blog
    • Threat Advisory
  • Company
    • About Us
    • Careers
    • Contact
COPYRIGHT © REWTERZ. ALL RIGHTS RESERVED.