SecurityBrief Asia - Technology news for CISOs & cybersecurity decision-makers
High confidence yet increased breaches in QR & image phishing
Tue, 12th Mar 2024

A recent study conducted by IRONSCALES, a leading enterprise cloud email security platform, and Osterman Research has revealed a worrying disconnect between organisational confidence and capabilities in combating image-based and QR code phishing attacks. The study included responses from 300 IT and security professionals across a range of industries and geographies.

Perceived confidence was high, with over 70% of respondents believing their current security systems were highly effective against image-based and QR code phishing tactics. However, a revealing 76% divulged that their organisations had experienced such compromises within the last year, highlighting a concerning difference between perceived and actual efficacy of present defensive measures.

Key findings illustrate a rising awareness of image-based and QR code phishing, with almost 93% and 79% of IT and security professionals, respectively, acknowledging that their organisations had been targeted. Interestingly, despite this high awareness, an alarming 94% of organisations admitted that these emergent attack vectors have circumvented their email security protocols, indicating an urgent need to enhance defensive strategies.

The research points to a critical need for evolved strategies to tackle the growing volume and complexity of image-based phishing attacks. This threat extends far beyond the more commonly reported technique of QR-code phishing, also known as quishing. Expectations indicate that such attacks will continue to grow in number, complexity and evasiveness, with 60% of professionals predicting worsening conditions, thereby necessitating an urgent and coordinated response to bolster organisational defences.

Challenges are not only technical: 76% of organisations admitted that their existing training programs are inadequate in preparing users to detect and resist these attacks. This amplifies the crucial role of human factors in cybersecurity, reiterating the need for an integrated approach that combines robust technological defences with thorough user education and effective security protocols.

The CEO of IRONSCALES, Eyal Benishti, commented: “Image-based phishing represents a complex problem. Increasingly, threat actors are using sophisticated techniques to design images that resemble traditional text-based emails, allowing them to bypass traditional security solutions. Our latest research with Osterman emphasises this urgent problem, underlining the necessity for adaptive, intelligent email security services that can keep up with the evolving tactics of cybercriminals.”

These research findings serve as a poignant reminder of the dynamic nature of cybersecurity threats. The report, therefore, underscores the need for organisations to reassess their current email security protocols and to take an integrated approach that includes advanced detection technologies, comprehensive user training, and a rethinking of current security strategies to address the nuanced risks associated with image-based and QR code phishing attacks.

Benishti also concludes, “As we navigate this increasingly complex threat landscape, IRONSCALES remains at the vanguard of email security innovation, committed to providing organisations with the skills and tools they need to counteract today’s most advanced tactics. Together, we can bridge the gap identified in the report, and foster a more resilient digital ecosystem.”