fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

New Phishing Attack Uses Morse Code To Hide Malicious URLs

New Phishing Attack Uses Morse Code To Hide Malicious URLs

A new targeted phishing campaign includes the novel obfuscation technique of using Morse code to hide malicious URLs in an email attachment.

Samuel Morse and Alfred Vail invented morse code as a way of transmitting messages across telegraph wire. When using Morse code, each letter and number is encoded as a series of dots (short sound) and dashes (long sound).

Starting last week, a threat actor began utilizing Morse code to hide malicious URLs in their phishing form to bypass secure mail gateways and mail filters.

BleepingComputer could not find any references to Morse code being used in phishing attacks in the past, making this a novel obfuscation technique

The novel Morse code phishing attack

Also Read: 15 Best Tools For Your Windows 10 Privacy Settings Setup

After first learning of this attack from a post on Reddit, BleepingComputer was able to find numerous samples of the targeted attack uploaded to VirusTotal since February 2nd, 2021.

The phishing attack starts with an email pretending to be an invoice for the company with a mail subject like ‘Revenue_payment_invoice February_Wednesday 02/03/2021.’

Phishing email
Phishing email

This email includes an HTML attachment named in such a way as to appear to be an Excel invoice for the company. These attachments are named in the format ‘[company_name]_invoice_[number]._xlsx.hTML.’

For example, if BleepingComputer was targeted, the attachment would be named ‘bleepingcomputer_invoice_1308._xlsx.hTML.’

When viewing the attachment in a text editor, you can see that they include JavaScript that maps letters and numbers to Morse code. For example, the letter ‘a‘ is mapped to ‘.-‘ and the letter ‘b‘ is mapped to ‘-…‘, as shown below.

Source code HTML phishing attachment
Source code HTML phishing attachment

The script then calls a decodeMorse() function to decode a Morse code string into a hexadecimal string. This hexadecimal string is further decoded into JavaScript tags that are injected into the HTML page.

Decoded JavaScript tags
Decoded JavaScript tags

These injected scripts combined with the HTML attachment contain the various resources necessary to render a fake Excel spreadsheet that states their sign-in timed out and prompts them to enter their password again.

HTML attachment displaying the phishing login form
HTML attachment displaying the phishing login form

Once a user enters their password, the form will submit the password to a remote site where the attackers can collect the login credentials.

This campaign is highly targeted, with the threat actor using the logo.clearbit.comservice to insert logos for the recipient’s companies into the login form to make it more convincing. If a logo is not available, it uses the generic Office 365 logo, as shown in the image above.

BleepingComputer has seen eleven companies targeted by this phishing attack, including SGS, Dimensional, Metrohm, SBI (Mauritius) Ltd, NUOVO IMAIE, Bridgestone, Cargeas, ODDO BHF Asset Management, Dea Capital, Equinti, and Capital Four.

Phishing scams are becoming more intricate every day as mail gateways become better at detecting malicious emails. 

Due to this, everyone must pay close attention to URLs and attachment names before submitting any information. If something looks at all suspicious, recipients should contact their network administrators to investigate further.

Also Read: Going Beyond DPO Meaning: Ever Heard of Outsourced DPO?

As this phishing email uses attachments with double-extension (xlxs and HTML), it is important to make sure that Windows file extensions are enabled to make it easier to spot suspicious attachments.

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us