Cyber Threats

As cyber threats continue to rise across industries, FoxTech is stepping up with a £150,000 initiative to help mid-sized businesses strengthen their digital defenses. Throughout February, eligible organisations can access free cybersecurity services, choosing from critical assessments such as internal and external penetration tests, application security evaluations, and cloud security reviews.

Anthony Green, Chief Technology Officer at FoxTech, is dedicated to preventing cyberattacks and assisting companies in recovering from security breaches. This initiative underscores FoxTech’s commitment to enhancing cybersecurity resilience for businesses facing increasing digital risks.

“With cyber threats becoming more sophisticated and persistent, it’s important to continuously review and strengthen cybersecurity defences.  By offering this initiative, we aim to provide businesses with a fresh perspective, helping them identify and address vulnerabilities before they can be exploited. The flexibility to target specific areas – whether it’s cloud security, applications, or infrastructure – ensures the support is as impactful as possible.”

Participants in the initiative will receive:

• Tailored Cybersecurity Support: Businesses can allocate the complimentary funds to areas most relevant to their operations, whether internal/external penetration testing, application testing, or cloud security reviews.
• Expert Guidance: FoxTech’s experienced cybersecurity team specialises in uncovering vulnerabilities others may miss.
• Actionable Insights: Comprehensive reports in plain English, offering practical solutions for real-world risks—not just technical findings.
• No Cost, No Commitment: A truly free initiative, with no hidden fees or obligations attached.

Cyberattacks are one of the most significant risks faced by businesses of all sizes and sectors. Industries such as financial services, healthcare, and legal are under constant pressure to protect sensitive data and meet regulatory standards.

According to recent studies, mid-sized organisations are particularly vulnerable, often being targeted due to limited resources or reliance on outdated defences.

“In today’s world, no business can afford to leave its cybersecurity to chance,” added Green. “Even if you’re confident in your current setup, a fresh set of eyes can uncover what others miss. Whether it’s securing your cloud, testing applications, or reviewing defences, this initiative offers peace of mind and a chance to stay one step ahead of cybercriminals.”

The £150,000 allocation will be offered on a first-come, first-served basis. Businesses across all sectors are encouraged to secure their complimentary cybersecurity service before the allocation is reached or by the 29th February deadline.

Quishing is an emerging cyber threat that leverages QR codes embedded in phishing emails to redirect unsuspecting victims to malicious websites. This sophisticated tactic exploits the growing popularity of QR codes, turning them into a gateway for cybercriminals to access sensitive organizational data and systems.

A recent report by security firm Egress has shed light on the increasing prevalence of quishing in phishing attacks. Cybercriminals have recognized QR codes as an effective and deceptive tool to breach company infrastructures.

Much like traditional phishing scams, quishing preys on an employee’s trust by disguising malicious QR codes as links to legitimate webpages. However, once scanned, these codes lead victims to harmful sites, granting attackers potential access to critical systems and data.

Whilst the increasing use of QR codes has driven cybercriminals to this new tactic, it has also been the successful countering of malicious hyperlinks with intelligent cloud-based solutions that have meant that they have had to find new ways of finding holes in company defences. As we know, cybercriminals tend to be at least one step ahead of the sectors’ attempts to keep them out, and QR codes offer a real opportunity for bad players to go around new, effective defences.

Increase and nature of quishing attacks

Egress identified that from 1st January – 31st August 2024, 12 percent of all phishing attacks contained a QR code. This is likely to increase substantially in 2025 due to an expected surge in QR code usage this year so companies have to become more aware of what such threats look like and how their employees can better manage the incoming phishing attacks.

The report highlights what a typical attack looks like:

Step 1 The victim receives a phishing attack containing a QR code, often accompanied by social engineering techniques designed to compel them to read it. Cybercriminals typically emphasise elements such as urgency, authority, or emotional appeals within the email to increase the likelihood that the recipient will engage with the malicious payload

Step 2 The victim uses their smartphone camera to read the QR code, which prompts them to open their browser and directs them to a malicious website.

Step 3 Depending on the nature of the website, the victim could be asked to enter log-in credentials or financial details, or malware may be downloaded onto their device. If the attacker successfully gains access to a user’s credentials, they can use these to launch further attacks within an organisation or move laterally across networks

As businesses catch up with the approaches cybercriminal use, quishing attempts are evolving as Rob Batters, Director or Managed and Technical Services, Northdoor explains:

“Essentially, quishing works the same as a ‘normal’ phishing attack; however, by utilising a trusted source such as a QR code, cybercriminals are increasing their chances of success. Quishing, as a tactic, is relatively new, but as companies and solutions begin to catch up cybercriminals are already adapting their approaches. Some are putting the malicious QR code on a coloured background to try and make it harder for software to identify the code’s anchors and highlight it as malicious.

“Others are embedding the code within emails as attachments. Once the attachment is open it can be opened as any other QR code but it can trick some software into allowing it through. The most sophisticated approaches involves embedding QR codes within macro-enabled Excel files. When opened these files execute macros that assemble a malicious URL from separate cells and generate a QR code from it. As most solutions struggle to analyse a fragmented URL components it increases the chances of the code getting through. The positive for employees is that such efforts to get past the software means that the code itself looks more suspicious and easier to identify as a cyberattack.

“The key for countering quishing attacks is the same as phishing attacks. If employees can identify what a malicious email looks like then they are unlikely to click any link, open an attachment or use a QR code. Keeping employees up to date with the latest threats and how to deal with them means that cybercriminals have to find new routes to gain access to data and systems.

“The efforts of cybercriminals to find a soft underbelly of a company’s security will continue and likely become more sophisticated and complex. This means that the job of internal IT and security teams becomes more onerous and time-consuming. At a time when manpower and budgets are stretched, this becomes, on the face of it, an almost impossible task.

“Many are turning to third-party consultancies to help shoulder some of the pressure. These consultancies can also provide the expertise that in-house struggle with. By keeping an eye on systems as well as informing teams about the latest threats, consultancies are, in many cases, in a better position to keep cybercriminals out,” Batters concluded.