Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1618
Views
7
Helpful
7
Replies

CSCvs55128 - [ENH] ESA should scan the QR and barcodes in the emails

cdion
Level 1
Level 1

‎10-03-2023 01:28 AM

Hello ppl,

any ideas on QR (Quishing) protection with ESA SEGs topic?

Looks like that even with Image-Analysis feature, SEGs are not able to scan (suspicious) URLs encoded as QRs in message embedded pictures.

There is a feature request [CSCvs55128] since 2019, but looks like we haven't any progress on this field.
Any fresh update is highly appreciated.

thanks and regards,

Chris

12 people had this problem
Labels:
7 Replies 7

System Administrator
Level 1
Level 1

‎10-03-2023 10:21 AM

I'm going to second this request.  Attackers are adapting.  We are seeing a MAJOR uptick in the number of emails that are purely image-based with zero textual component.  This is an abhorrent weak point with the ESAs and is requiring organizations such as ours to seek out this feature in competitor products.

To compound this issue, these image-only email attacks using QR codes introduce additional strain on any company's last line of defense (the end user) to recognize malicious/phishing emails that have made it past the ESAs.  Many companies are working toward cloud-based solutions that require MFA products which can use QR codes which are indistinguishable to the naked eye.  Our organization must now be increasingly cautious with any legitimate use of QR codes or solutions that use them until this gaping hole in the ESAs is addressed.

Time to stop buying competitors and enhance what you already provide.

knasterlaster
Level 1
Level 1

‎11-23-2023 03:07 AM

push

0 Helpful

deborah_walmer-basembe@dai.com
Level 1
Level 1

‎01-03-2024 11:13 AM

Please add this feature

betachang
Level 1
Level 1

‎01-11-2024 06:55 PM

Please add this feature

0 Helpful

JvBNL
Level 1
Level 1

‎02-05-2024 12:05 AM

Don'.t want to call this a feature, but a core requirement anno 2024
This is already a major attack vector and the lack of response is ridiculous.  Has cisco been sleeping ?
An option to just identify and block QR's in general would also be appreciated.

0 Helpful

patrick.d
Level 1
Level 1

‎02-13-2024 11:58 PM

Cisco is falling behind in this area. Agree with JvBNL, this isn't a feature request but a basic core requirement. It's just silly that Cisco chooses to ignore this attack vector.

0 Helpful

mattdrury
Level 1
Level 1

‎04-25-2024 09:50 AM

This is a a fundamental need at this point, and I think I've done as much customizing as I can to deal with this. At some point, Cisco need to step up.

0 Helpful
Customers Also Viewed These Support Documents