Hackers are using Morse code to bypass phishing controls
Researchers said the campaign, first spotted in July 2020, targeted Office 365 users and attempted to get them to hand over credentials using targeted, invoice-themed XLS.HTML attachments. The cyber criminals faked invoices in Excel HTML or web documents to distribute forms to steal information.
According to researchers, the campaign’s primary goal is to harvest usernames, passwords, and - in its more recent iteration - other information like IP address and location, which attackers use as the initial entry point for later infiltration attempts.
"The XLS.HTML phishing campaign uses social engineering to craft emails mimicking regular financial-related business transactions, specifically sending what seems to be vendor payment advice. In some of the emails, attackers use accented characters in the subject line," said researchers.
Researchers said that using XLS in the attachment file name prompts users to expect an Excel file. When the victim opens the attachment, it launches a browser window and displays a fake Microsoft Office 365 credentials dialog box on top of a blurred Excel document. “Notably, the dialog box may display information about its targets, such as their email address and, in some instances, their company logo.”
Researchers added that hackers changed obfuscation and encryption mechanisms every 37 days on average, “demonstrating high motivation and skill to constantly evade detection and keep the credential theft operation running.” What stood out in this campaign was the level of obfuscation deployed.
Prevent fraud and phishing attacks with DMARC
How to use domain-based message authentication, reporting, and conformance for email securityDownload now
One unusual obfuscation technique was the use of Morse code. Hackers used this in the February ("Organization report/invoice") and May 2021 ("Payroll") waves of the campaign.
The definitive guide to warehouse efficiency
Get your free guide to creating efficiencies in the warehouseFree download
The total economic impact™ of Datto
Cost savings and business benefits of using Datto Integrated SolutionsDownload now
Three-step guide to modern customer experience
Support the critical role CX plays in your businessFree download
The global state of the channelDownload now