Microsoft Reports 15,000 Daily Malicious QR Code Messages Targeting Education
In recent months, the digital security divisions at Microsoft have issued various alerts regarding attempts by cybercriminals to disrupt the upcoming 2024 US presidential election. Nevertheless, these election-related threats are not the only focus of Microsoft’s ongoing cybersecurity efforts.
According to a recent report released this week, Microsoft has highlighted the alarming trends of cyber attacks targeting both primary and secondary educational institutions, as well as higher education establishments. The report indicates that the education sector ranked as the third most attacked industry during the second quarter of 2024, with the United States experiencing the highest level of threats in this domain.
One of the standout figures from this analysis reveals that Microsoft Defender for Office 365 detects over 15,000 daily emails containing malicious QR codes aimed at educational targets. If interacted with, these QR codes could potentially install malware, create spam communications, or execute phishing scams.
Microsoft remarked:
Legitimate software applications can be harnessed to swiftly create QR codes that embed links meant for distribution via emails or physical postings, acting as vectors for cyber attacks. Traditional email security solutions often struggle to analyze these images effectively, which underscores the need for both faculty and students to utilize devices and browsers equipped with contemporary web protection.
In the past year, Microsoft has taken significant strides to combat QR code-related phishing threats, managing to reduce incidents from three million in December 2023 to a mere 179,000 by March 2024.
The report also points out a growing trend of nation-state actors targeting universities due to their access to advanced research and expertise across various fields. Many of these institutions collaborate with the US government on significant initiatives, making them appealing targets; adversaries may prefer to infiltrate academic establishments linked to governmental or military operations rather than undertaking direct strikes on these heavily fortified entities.
Some educational bodies, like Oregon State University and the Arizona Department of Education, have proactively enhanced their defenses against cyber threats. For instance, Arizona’s educational institutions have implemented measures to block all external traffic from their local data centers, alongside their Microsoft 365 and Azure online services.
Leave a Reply