Cybercriminals’ creativity knows no boundaries. A new phishing campaign makes that obvious: it uses Morse code’s dots and dashes to disguise its attacks.
Microsoft Dissects Peculiar New Phishing Campaign
A phishing attack group’s strategies have caught Microsoft’s eye due to their ‘jigsaw puzzle’ technique and unusual features such as Morse code dashes and dots used to hide attacks.
The cybercriminal group uses invoice-themed Excel HTML or web documents to spread credential-stealing forms for later attacks. This method stands out because it goes unnoticed by traditional email filter systems.
“In effect, the attachment is comparable to a jigsaw puzzle: on their own, the individual segments of the HTML file may appear harmless at the code level and may thus slip past conventional security solutions. Only when these segments are put together and properly decoded does the malicious intent show.” (Microsoft Security Intelligence)
The attackers’ main purpose is to gather usernames and passwords, but they also collect other data, such as IP address and location, to use in further data breach attempts. “This phishing campaign is unique in the lengths attackers take to encode the HTML file to bypass security controls,” Microsoft said.
The new phishing campaign falls within the business email compromise (BEC) category, a scam more profitable than ransomware. Phishing attacks cost Americans over $4.2 billion in 2020, according to the FBI’s latest statements. BEC is far more expensive than ransomware attacks. It relies on compromised email accounts or on email addresses that resemble legitimate ones, which are particularly difficult to filter because they blend in with the usual, expected traffic.
“The XLS.HTML phishing campaign uses social engineering to craft emails mimicking regular financial-related business transactions, specifically sending what seems to be vendor payment advice. In some of the emails, attackers use accented characters in the subject line,” Microsoft warned.
Excel and the finance-related subject encourage targets to give away their credentials
“Using xls in the attachment file name is meant to prompt users to expect an Excel file. Instead, when the attachment is opened, it launches a browser window and displays a fake Microsoft Office 365 credentials dialog box on top of a blurred Excel document. Notably, the dialog box may display information about its targets, such as their email address and, in some instances, their company logo.”
“Morse code is an old and unusual method of encoding that uses dashes and dots to represent characters. This mechanism was observed in the February (“Organization report/invoice”) and May 2021 (“Payroll”) waves,” Microsoft said.
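For defenders triaging such attachments, the following added example (not code from Microsoft or from this article) flags the two traits described above: an "xls.html" style file name and long runs of dots and dashes inside the HTML, which it decodes so an analyst can see what they hide. The separator convention (a space between letters, "/" between words), the minimum run length, the file-name pattern and the sample attachment are assumptions made for this illustration.

```python
import re

# International Morse code for letters and digits.
MORSE = {
    ".-": "A", "-...": "B", "-.-.": "C", "-..": "D", ".": "E", "..-.": "F",
    "--.": "G", "....": "H", "..": "I", ".---": "J", "-.-": "K", ".-..": "L",
    "--": "M", "-.": "N", "---": "O", ".--.": "P", "--.-": "Q", ".-.": "R",
    "...": "S", "-": "T", "..-": "U", "...-": "V", ".--": "W", "-..-": "X",
    "-.--": "Y", "--..": "Z", "-----": "0", ".----": "1", "..---": "2",
    "...--": "3", "....-": "4", ".....": "5", "-....": "6", "--...": "7",
    "---..": "8", "----.": "9",
}

# Assumption: only runs of MIN_SYMBOLS or more groups are reported, so that
# "..." or "--" in ordinary markup is not flagged.
MIN_SYMBOLS = 8
TOKEN = r"(?:[.\-]{1,5}|/)"
MORSE_RUN = re.compile(
    r"(?<![.\-/])%s(?: %s){%d,}(?![.\-/])" % (TOKEN, TOKEN, MIN_SYMBOLS - 1))
# Assumption: "xls"/"xlsx" directly followed by "htm"/"html" at the end.
DOUBLE_EXT = re.compile(r"\.xlsx?\.html?$", re.IGNORECASE)

def decode_morse(run):
    """Return the decoded text, or None if any group is not valid Morse."""
    out = []
    for group in run.split(" "):
        if group == "/":
            out.append(" ")
        elif group in MORSE:
            out.append(MORSE[group])
        else:
            return None
    return "".join(out)

def triage_attachment(filename, html):
    """Return a list of (indicator, detail) findings for one attachment."""
    findings = []
    if DOUBLE_EXT.search(filename):
        findings.append(("deceptive-extension", filename))
    for match in MORSE_RUN.finditer(html):
        text = decode_morse(match.group(0))
        if text is not None:
            findings.append(("morse-encoded-string", text))
    return findings

# Constructed sample: harmless text stands in for the hidden content.
SAMPLE_NAME = "payment_advice_0421.xls.html"
SAMPLE_HTML = ('<script>var d = ".--. .- -.-- .-. --- .-.. .-.. / '
               '..--- ----- ..--- .----";</script>')
```

A decoded hit is a lead for an analyst rather than a verdict: decorative runs of spaced dashes can also match, so review the decoded text before acting on it.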
Here, at ATTACK Simulator, we take cybersecurity seriously. We know that phishing attacks can strike at any time, which is why we focus on training, educating, and equipping your staff with the best up-to-date security practices they need to detect and prevent phishing attempts.
Educate your employees on cybersecurity with ATTACK Simulator’s realistic 4-Step Phishing Simulations.
Your company’s safety and future are in your hands and, perhaps most importantly, your employees’ hands. Get your quote here.