Image-based attacks create a different set of challenges

While over 70% of organizations feel their current security stacks are effective against image-based and QR code phishing attacks, nearly 76% were still compromised in the last 12 months.

  • Wednesday, 6th March 2024 Posted 8 months ago in by Phil Alsop

IRONSCALES has shared critical findings from its latest research report conducted in partnership with Osterman Research, “Fortifying the Organization Against Image-Based and QR-Code Phishing Attacks.” The study surveyed 300 IT and security professionals across a variety of industries and geographies and unveiled a troubling paradox — while over 70% of respondents said they feel their current security stack is highly effective against image-based and QR code phishing, 76% reported being compromised by these types of attacks within the past 12 months — highlighting a stark disparity between the perceived and actual effectiveness of current defenses.

Some of the report’s key findings include:

Nearly 93% of IT and security professionals are aware of image-based phishing attacks targeting their organizations, and nearly 79% say the same about QR code attacks.

Nearly 76% of organizations were still compromised by image-based and QR code phishing attacks over the past 12 months.

While over 70% of IT and security professionals feel their current security stack is highly effective at detecting image-based and QR code phishing attacks, less than 6% were able to consistently detect and prevent them from reaching user inboxes.

The research reveals that organizations know of the rising threat posed by image-based and QR code phishing attacks, with over 90% of respondents acknowledging that such attacks target their organizations. However, despite this high level of awareness, an alarming 94% of these organizations have seen these emerging attacks bypass their email security stack. This discrepancy points to an urgent need for enhancing email security defenses and employee awareness training.

The Osterman research findings also spotlight the pressing need for advanced strategies to combat the increasing volume and complexity of image-based phishing attacks — a threat that extends far beyond the widely-reported technique of QR-code phishing (“quishing”). With 60% of surveyed professionals expecting the number, sophistication, and evasiveness of such attacks to worsen in the near future, this underscores a critical call to action for bolstering organizational defenses against this evolving digital threat.

What’s more, the research also reveals a significant portion of organizations face challenges related to the human element — with a staggering 76% of organizations conceding that their existing training programs are inadequate in equipping users to recognize and resist these threats.

Quishing Is Just the Beginning

While QR code attacks have garnered a great deal of media attention as of late, this new research report makes it clear that image-based phishing represents a much broader, more complex challenge. Increasingly, threat actors are using novel techniques to create images that appear to be traditional text-based emails, which allows them to circumvent traditional security solutions.

“In the face of the escalating frequency and complexity of image-based phishing attacks, traditional email security measures are proving to be increasingly insufficient. These sophisticated attacks exploit the nuanced vulnerabilities of human perception and our existing cybersecurity frameworks, making them particularly challenging to detect and prevent,” states Eyal Benishti, CEO of IRONSCALES. “Our latest research with Osterman highlights this urgent challenge, underscoring the necessity for a paradigm shift towards more adaptive and intelligent email security solutions that can keep pace with the innovative tactics of cybercriminals.”

The insights from the Osterman research report serve as a stark reminder of the evolving nature of cybersecurity threats and the imperative for organizations to assess their current email security stack. The findings also underscore the need for an integrated approach that includes advanced detection technologies, comprehensive user training, and a reevaluation of current security strategies to address the nuanced risks presented by image-based and QR code phishing attacks.

“As we navigate this increasingly complex threat landscape, IRONSCALES remains at the forefront of email security innovation, committed to equipping organizations with the tools and knowledge necessary to defend against the most sophisticated tactics in use today. Together, we can close the gap identified by this report, and build a more resilient digital ecosystem,” concludes Benishti.

The promise of AI is on every biopharma’s radar, but the reality today is that much of the industry is grappling with how to convert the hype into...
IT teams urged to resolve ‘data delays’ as UK executives struggle to access and use relevant business data.

‘Playtime is over’ for GenAI

Posted 4 days ago by Phil Alsop
NTT DATA research shows organizations shifting from experiments to investments that drive performance.

GenAI not production-ready?

Posted 4 days ago by Phil Alsop
Architectural challenges are holding UK organisations back - with just 24% citing having sufficient governance to implement GenAI.

AI tops decision-makers' priorities

Posted 4 days ago by Phil Alsop
Skillsoft has released its 2024 IT Skills and Salary Report. Based on insights from more than 5,100 global IT decision-makers and professionals, the...

The state of cloud ransomware in 2024

Posted 4 days ago by Phil Alsop
Ransom attacks in the cloud are a perennially popular topic of discussion in the cloud security realm.
Talent and training partner, mthree, which supports major global tech, banking, and business clients to build job-ready teams, has revealed the...

AI innovation is powering the Net Zero transition

Posted 4 days ago by Phil Alsop
Whilst overall AI patent filings have slowed, green AI patent publications grew 35% in 2023.