HC3 White Paper TLP Clear: QR Code-Based Phishing (Quishing) as a Threat to the Health Sector

Executive Summary

Phishing – the use of phony e-mails to deliver malicious code – has historically been a successful means for cyberattackers to compromsie victim organizations and launch full-fledged, multi-staged cyberattacks. Phishing attacks are frequently utilized as the first stage of an attack – the infection vector – and this is especially true for the health sector. A cyberattack that begins with phishing often ends with ransomware and/or a major healthcare data breach. Quick response (QR) codes were designed to quickly read and transmit legitimate data, but have become increasingly abused as part of phishing attacks, called “quishing”. In this paper, we provide a brief overview of QR codes, phishing attacks, and the application of both of these to cyberattacks on the health sector. We conclude this analysis with recommended defense and mitigation actions to reduce the likeliness and effectiveness of phishing attacks, including those augmented by the use of QR codes.

QR Codes

A quick response code, or QR code, is a machine-readable image in the form of a matrix that transmits information when scanned by an informaiton system. QR codes connect the digital and physical world, and are frequently used by commercial tracking, advertising and convenience-oriented applications, and are compatible with and often utilized with modern smartphones. The term “quick response” refers to the purpose of a QR code to be scanned in order to access data, and this process happens very quickly. Legitimate QR codes are frequently sent via e-mail and as such, are also abused by those who use e-mail as part of cyberattacks, in the form of a phishing attack.

View the detailed report below.