Phishing attacks are steadily becoming more sophisticated, with cybercriminals investing in new ways of deceiving victims into revealing sensitive information or installing malicious software. One of the latest trends in phishing is the use of QR codes, CAPTCHAs, and steganography. See how they are carried out and learn to detect them.
Quishing, a phishing technique resulting from the combination of "QR" and "phishing," has become a popular weapon for cybercriminals in 2023.
By concealing malicious links within QR codes, attackers can evade traditional spam filters, which are primarily geared towards identifying text-based phishing attempts. The inability of many security tools to decipher the content of QR codes further makes this method a go-to choice for cybercriminals.
Analyzing a QR code with an embedded malicious link in a safe environment is easy with ANY.RUN:
- Simply open this task in the sandbox (or upload your file with a QR code).
- Navigate to the Static Discovering section (by clicking on the name of the file in the top right corner).
- Select the object containing the QR code.
- Click "Submit to Analyze."
The sandbox will then automatically launch a new task window, allowing you to analyze the URL identified within the QR code.
CAPTCHA is a security solution used on websites to prevent automated bots from creating fake accounts or submitting spam. Attackers have managed to exploit this tool to their advantage.
Attackers are increasingly using CAPTCHAs to mask credential-harvesting forms on fake websites. By generating hundreds of domain names using a Randomized Domain Generated Algorithm (RDGA) and implementing CloudFlare's CAPTCHAs, they can effectively hide these forms from automated security systems, such as web crawlers, which are unable to bypass the CAPTCHAs.
The example above shows an attack targeting Halliburton Corporation employees. It first requires the user to pass a CAPTCHA check and then uses a realistic Office 365 private login page that is difficult to distinguish from the real page.
Once the victim enters their login credentials, they are redirected to a legitimate website, while the attackers exfiltrate the credentials to their Command-and-Control server.
Learn more about CAPTCHA attacks in this article.
Steganography is the practice of hiding data inside different media, such as images, videos, or other files.
A typical phishing attack that employs steganography begins with a carefully crafted email designed to appear legitimate. Embedded within the email is an attachment, often a Word document, accompanied by a link to a file-sharing platform like Dropbox. In the example below, you can see a fake email from a Colombian government organization.
The unsuspecting user who clicks the link inside the document downloads an archive, which contains a VBS script file. Upon execution, the script retrieves an image file that looks harmless but carries hidden malicious code. Once that code is executed, the malware infects the victim's system.
ANY.RUN is a malware analysis sandbox that is capable of detecting a wide range of phishing tactics and letting users examine them in detail.