An innovative obfuscation technique of utilizing Morse code to mask malicious URLs in an email attachment is used in a new targeted phishing attempt.
A very old method of sending messages has been given fresh life. According to Bleeping Computer, threat actors exploited Morse code in a new URL phishing attempt discovered in early February 2021.
The Morse code, invented in the nineteenth century by Samuel Morse and Alfred Vail, was the foundation of contemporary communication. It uses dots and dashes to send messages via the telegraph. It is now also a method for phishers to hide their malicious URLs in an email attachment in order to avoid detection.
Examine how attackers employ this type of URL phishing and how to avoid it.
Modus Operandi
In a spear-phishing attack, JavaScript is converted to Morse Code.
According to Bleeping Computer, a URL phishing assault begins when a victim receives an email posing as an invoice. Because this assault is sent by email to a specific firm, it is classified as targeted phishing or spear phishing. To support this disguise, the attack email includes a subject line such as ‘Revenue payment invoice February Wednesday 02/03/2021.' The objective is to persuade the receiver that opening the attachment was safe. When they do, the web programming language HTML is activated.
The attackers created the attachment's name to resemble a customized Excel spreadsheet for the firm. The format of the attachment was ‘[company name] invoice [number]. XLIX.HTML.'
The JavaScipt code in the accompanying URL phishing file converted letters and numbers to Morse code's dots and dashes. When the JavaScript was executed, it utilized the decodeMorse() method to convert the Morse code to a hexadecimal string. Following that, the string gave way to JavaScript elements, which the campaign inserted into the HTML page.
These tags generated a picture of a bogus Excel-based invoice as well as a bespoke login form. It notified the recipient that in order to see the file, they needed to authenticate into their Office 365 account. If they did, the login form would steal the recipient's login information. It then uploaded them to a remote location from where the attackers might get them.
Other Phishing Evasion Techniques
The use of Morse code in URL phishing isn't the only evasive phishing method that has lately made headlines. PhishLabs discovered one approach in January 2020 in which phishers utilized a malicious website to contact the gyroscope and accelerometers that are typically present in smartphones. The concept here is that if the website validated the presence of device motion and orientation events, it might adjust its behavior and adapt to mobile consumers.
Several months later, Microsoft discovered that the CHIMBORAZO threat group had started employing CAPTCHA-enabled websites to circumvent automated examination.
How to ‘Phight’ the Phish
These approaches emphasize the need for enterprises to defend themselves against URL phishing. They may accomplish this by educating their users about some of the most popular forms of URL phishing attacks that are now in use through regular security awareness training. Organizations should present this instruction as part of a multi-tiered email security approach that includes threat intelligence and other technological safeguards to help flag dangerous emails before they reach employees' inboxes.
Original source: https://telegra.ph/How-Morse-Code-is-being-used-to-hide-nefarious-URLs-05-20
0
