Threat actors are masking malicious URLs behind Morse code in attachments. The new phishing scheme is both targeted and complex.
The tactics employed by threat actors are always changing, evolving as law enforcement and security professionals catch up to what they are doing. It’s a constant cycle, a vicious circle of cat and mouse where no one wins. It’s not uncommon for hackers to put a new twist on an old trick, and this latest evolution is proof. Threat actors are now embedding Morse code into attachments as part of a phishing scheme to mask malicious URLs.
Yes, you read that right, Morse code. You know, the system of dots and dashes invented by Samuel Morse in the 1800s as a way to send messages over a telegraph wire. At the time, it was incredibly innovative and helped lay the foundation for electronic communication. Which is why threat actors are now using this technology. According to BleepingComputer, they were “able to find numerous samples of the targeted attack uploaded to VirusTotal since February 2nd, 2021.
The phishing attack starts with an email pretending to be an invoice for the company with a mail subject like ‘Revenue_payment_invoice February_Wednesday 02/03/2021.’
This email includes an HTML attachment named in such a way as to appear to be an Excel invoice for the company. These attachments are named in the format ‘[company_name]_invoice_[number]._xlsx.hTML.’”
The attack is a highly targeted, incredibly well-done example of a socially engineered phishing scheme. The threat actors go to great lengths to make the email and attachment seem legitimate, which is why educating and training your employees on these types of emails is incredibly important. These types of attacks are increasingly common, increasingly intricate and increasingly complex. Employees must learn to recognize malicious attachments and URLs, but they cannot do that if they aren’t educated about the problem.
There also need to be policies and procedures around what to do if a malicious, or suspected malicious, email is detected. Employees should know where to forward the email, which phone number they should call, and have an outline of steps to take when an incident happens. You are never going to be 100% protected from cyberattacks, but the more prevention steps you can take, the better protected you’ll be and the more likely you are to catch something before it gets too far.
With this particular attack, it is important that Windows is set to show file extensions, so that suspicious attachments, such as one whose name really ends in .hTML rather than .xlsx, are caught more quickly. If you don’t know how to do that, or don’t know what that means, we implore you to hire an expert. Just because it’s 2021 now doesn’t mean the increase in cyberattacks is going to stop. Now is not the time to let up. Protect your business.
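A mail-gateway triage check for the two traits described above, an attachment name that puts a document extension in front of .html and attachment content made of Morse-like tokens. This is an added example, not code from the original article or from BleepingComputer. The regexes, the 20-token threshold and the sample message (company name `acme`, invoice number, Morse text) are assumptions constructed for illustration.

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage

# A document extension directly followed by .htm/.html, e.g. "._xlsx.hTML".
DECOY_EXT = re.compile(r"\._?(xlsx?|docx?|pdf)\.html?$", re.IGNORECASE)
# Runs of short dot/dash tokens separated by whitespace or "/".
MORSE_RUN = re.compile(r"[.-]{1,6}(?:[\s/]+[.-]{1,6})+")
MIN_TOKENS = 20  # assumed threshold; tune against your own mail flow

def longest_morse_run(text):
    """Return the token count of the longest Morse-like run in text."""
    runs = MORSE_RUN.findall(text)
    return max((len(re.findall(r"[.-]+", r)) for r in runs), default=0)

def triage(raw_message):
    """Return one finding dict per attachment of a raw message (bytes)."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        body = part.get_content()
        if isinstance(body, bytes):
            body = body.decode("utf-8", "replace")
        elif not isinstance(body, str):
            body = ""  # nested messages and similar are out of scope here
        decoy = bool(DECOY_EXT.search(name))
        tokens = longest_morse_run(body)
        findings.append({"filename": name, "decoy_extension": decoy,
                         "morse_tokens": tokens,
                         "suspicious": decoy or tokens >= MIN_TOKENS})
    return findings

def build_sample():
    """Constructed test message; company, number and Morse text are made up."""
    morse = " ".join([".-", "-...", "-.-.", "-.."] * 8)  # 32 tokens: ABCD x 8
    msg = EmailMessage()
    msg["Subject"] = "Revenue_payment_invoice February_Wednesday 02/03/2021"
    msg.set_content("Please see the attached invoice.")
    msg.add_attachment('<script>var m = "%s";</script>' % morse,
                       subtype="html", filename="acme_invoice_1234._xlsx.hTML")
    msg.add_attachment("<p>Quarterly notes... - draft</p>",
                       subtype="html", filename="notes.html")
    return msg.as_bytes()

if __name__ == "__main__":
    for finding in triage(build_sample()):
        print(finding)
```

Either signal alone marks the attachment as suspicious, so a lure that drops the Morse encoding but keeps the naming trick is still flagged for review.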