URL phishing campaign hides attack behind Morse code



A very old way of sending messages has found new life. Threat actors used Morse code in a new URL phishing campaign detected in early February 2021, according to Bleeping Computer.

Invented by Samuel Morse and Alfred Vail in the 19th century, Morse code was the foundation of modern communication. It transmits messages by telegraph using periods and dashes. It’s now also a way phishers can hide their malicious URLs in an email attachment to evade detection.

Find out how attackers use this type of URL phishing and how to prevent it.

JavaScript mapped to Morse code in phishing attack

The URL phishing attack begins when a user receives an email masquerading as an invoice, Bleeping Computer has discovered. Since this attack is sent as an email to a specific company, it falls under phishing or spear phishing targeting. The attack email uses a subject line, such as “Revenue_payment_invoice February_Wednesday 03/02/2021”, to support this disguise. The goal is to convince the recipient that it is safe to open the attachment. Once they do, it activates into the HTML web programming language.

The attackers designed the name of the attachment to look like a custom Excel spreadsheet for the business. The attachment used the format ‘[company_name]_invoice_[number]._xlsx.hTML. ‘

The attached URL phishing file included JavaScipt code that maps letters and numbers to periods and dashes in Morse code. Once executed, the JavaScript used a decodeMorse () function to translate Morse code into a hexadecimal string. Then that string gave way to the JavaScript tags that the campaign injected into the HTML page.

These tags created the image of a fake Excel based invoice and custom login form. He informed the recipient that he needed to sign in to his Office 365 account to view the file. If they did, the login form then stole the recipient’s credentials. From there, he uploaded them to a remote site where attackers could retrieve them.

At the time of its reporting, Bleeping Computer had discovered attempted attacks against 11 companies. This is the first known instance of phishing using Morse code.

Other escape techniques used by phishers

The use of Morse code in URL phishing isn’t the only evasive phishing technique in the news recently. In January 2020, PhishLabs discovered a tactic in which phishers used a malicious website to call the gyroscope and accelerometers commonly found in smartphones. The idea here is that the website could change its behavior and meet the needs of mobile users if it confirmed the presence of device movement and orientation events.

Some months later, Microsoft discovered that the CHIMBORAZO threat group had started using websites with CAPTCHAs to avoid automated scans.

Finally, a phishing operation in November 2020 reversed the images used for the backgrounds of its landing pages in order to remain hidden from anti-phishing tools.

How to defend yourself against phishing

These tactics highlight the need for organizations to defend against URL phishing. To do this, they can take ongoing security awareness training to educate their users about some of the most common types of URL phishing attacks that are in circulation today. Businesses should position this training as part of a layered email security strategy that also leverages threat intelligence and other technical controls to help flag suspicious emails before they go. arrive in employee inboxes.



Previous 5 Best Ways to Promote LinkedIn Profile - Film Daily
Next The 8 Best Cloud Administration Courses on LinkedIn Learning