Light Dark
March 15, 2021 By David Bisson 2 min read
News

A very old way to send messages has found new life. Threat actors used Morse code in a new URL phishing campaign detected early in February 2021, according to Bleeping Computer.

Invented by Samuel Morse and Alfred Vail in the 19th century, Morse code was the bedrock of modern communication. It transmits messages over the telegraph using dots and dashes. It’s now also a means by which phishers can conceal their malicious URLs in an email attachment to evade detection.

Take a look at how attackers are using this kind of URL phishing and how to prevent it.

JavaScript Mapped to Morse Code in Spear Phishing Attack

The URL phishing attack begins when a user receives an email pretending to be an invoice, Bleeping Computer found. Because this attack is sent as an email to a specific company, it falls under the umbrella of targeting phishing or spear phishing. The attack email uses a subject line, such as ‘Revenue_payment_invoice February_Wednesday 02/03/2021,’ to support this disguise. The goal is to convince the recipient that it was safe for them to open the attachment. Once they do, it activates in the web programming language HTML.

The attackers crafted the name of the attachment to look like a personalized Excel spreadsheet for the company. The attachment used the format ‘[company_name]_invoice_[number]._xlsx.hTML.’

The attached URL phishing file included JavaScipt code that mapped letters and numbers to Morse code’s dots and dashes. Once run, the JavaScript used a decodeMorse() function to translate the Morse code into a hexadecimal string. Next, that string gave way to JavaScript tags that the campaign injected into the HTML page.

Those tags created the image of a fake Excel-based invoice and a custom login form. It informed the recipient that they needed to sign into their Office 365 account in order to view the file. If they did, the login form then stole the recipient’s credentials. From there, it uploaded them to a remote site where the attackers could retrieve them.

At the time of its reporting, Bleeping Computer had found attack attempts on 11 companies. This is the first known instance of phishing using Morse code.

Other Evasion Techniques Used by Phishers

Using Morse code in URL phishing isn’t the only evasive phishing technique in the news recently. In January 2020, PhishLabs came across one tactic in which phishers used a malicious website to call the gyroscope and accelerometers that are commonly found in smartphones. The idea here is that the website could change its behavior and cater to mobile users if it confirmed the presence of device motion and orientation events.

Several months later, Microsoft found that the CHIMBORAZO threat group had begun using websites with CAPTCHAs to avoid automated analysis.

Finally, a phishing operation in November 2020 inverted images used for its landing pages’ backgrounds in order to remain hidden from anti-phishing tools.

How to Defend Against a Phish

These tactics highlight the need for organizations to defend themselves against URL phishing. They can do this by using ongoing security awareness training to educate their users about some of the most common types of URL phishing attacks that are in circulation today. Organizations should position this education as part of a layered email security strategy that also leverages threat intelligence and other technical controls to help flag suspicious emails before they land in employees’ inboxes.

 |  | 
David Bisson
Contributing Editor

More from News
November 18, 2024

Research finds 56% increase in active ransomware groups

4 min read - Any good news is welcomed when evaluating cyber crime trends year-over-year. Over the last two years, IBM’s Threat Index Reports have provided some minor reprieve in this area by showing a gradual decline in the prevalence of ransomware attacks — now accounting for only 17% of all cybersecurity incidents compared to 21% in 2021. Unfortunately, it’s too early to know if this trendline will continue. A recent report released by Searchlight Cyber shows that there has been a 56% increase in…

November 4, 2024

Cyberattack on American Water: A warning to critical infrastructure

3 min read - American Water, the largest publicly traded United States water and wastewater utility, recently experienced a cybersecurity incident that forced the company to disconnect key systems, including its customer billing platform. As the company’s investigation continues, there are growing concerns about the vulnerabilities that persist in the water sector, which has increasingly become a target for cyberattacks. The breach is a stark reminder of the critical infrastructure risks that have long plagued the industry. While the water utility has confirmed that…

October 28, 2024

CISA and FBI release secure by design alert on cross-site scripting 

3 min read - CISA and the FBI are increasingly focusing on proactive cybersecurity and cyber resilience measures. Conjointly, the agencies recently released a new Secure by Design alert aimed at eliminating cross-site Scripting (XSS) vulnerabilities, which have long been exploited to compromise both data and user trust. Cross-site scripting vulnerabilities occur when a web application improperly handles user input, allowing attackers to inject malicious scripts into web pages that are then executed by unsuspecting users. These vulnerabilities are dangerous because they don't attack…

Topic updates

 Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today
© 2024 IBM Contact Privacy Terms of use Accessibility Cookie Preferences
Sponsored by si-icon-eightbarfeature