How Morse Code is being used to hide nefarious URLs?

1
How Morse Code is being used to hide nefarious
URLs?
2

• An innovative obfuscation technique of utilizing
  Morse code to mask malicious URLs in an email
  attachment is used in a new targeted phishing
  attempt.
• A very old method of sending messages has been
  given fresh life. According to Bleeping Computer,
  threat actors exploited Morse code in a new URL
  phishing attempt discovered in early February
  2021.
• The Morse code, invented in the nineteenth
  century by Samuel Morse and Alfred Vail, was the
  foundation of contemporary communication. It uses
  dots and dashes to send messages via the
  telegraph. It is now also a method for phishers
  to hide their malicious URLs in an email
  attachment in order to avoid detection.
• Examine how attackers employ this type of URL
  phishing and how to avoid it.

3
Modus Operandi

• In a spear-phishing attack, JavaScript is
  converted to Morse Code.
• According to Bleeping Computer, a URL phishing
  assault begins when a victim receives an email
  posing as an invoice. Because this assault is
  sent by email to a specific firm, it is
  classified as targeted phishing or spear
  phishing. To support this disguise, the attack
  email includes a subject line such as 'Revenue
  payment invoice February Wednesday 02/03/2021.'
  The objective is to persuade the receiver that
  opening the attachment was safe. When they do,
  the web programming language HTML is activated.
• The attackers created the attachment's name to
  resemble a customized Excel spreadsheet for the
  firm. The format of the attachment was 'company
  name invoice number. XLIX.HTML.'
• The JavaScipt code in the accompanying URL
  phishing file converted letters and numbers to
  Morse code's dots and dashes. When the JavaScript
  was executed, it utilized the decodeMorse()
  method to convert the Morse code to a hexadecimal
  string. Following that, the string gave way to
  JavaScript elements, which the campaign inserted
  into the HTML page.
• These tags generated a picture of a bogus
  Excel-based invoice as well as a bespoke login
  form. It notified the recipient that in order to
  see the file, they needed to authenticate into
  their Office 365 account. If they did, the login
  form would steal the recipient's login
  information. It then uploaded them to a remote
  location from where the attackers might get them.

4
Other Phishing Evasion Techniques

• The use of Morse code in URL phishing isn't the
  only evasive phishing method that has lately made
  headlines. PhishLabs discovered one approach in
  January 2020 in which phishers utilized a
  malicious website to contact the gyroscope and
  accelerometers that are typically present in
  smartphones. The concept here is that if the
  website validated the presence of device motion
  and orientation events, it might adjust its
  behavior and adapt to mobile consumers.
• Several months later, Microsoft discovered that
  the CHIMBORAZO threat group had started employing
  CAPTCHA-enabled websites to circumvent automated
  examination.

5
How to Phight the Phish

• These approaches emphasize the need for
  enterprises to defend themselves against URL
  phishing. They may accomplish this by educating
  their users about some of the most popular forms
  of URL phishing attacks that are now in use
  through regular security awareness training.
  Organizations should present this instruction as
  part of a multi-tiered email security approach
  that includes threat intelligence and other
  technological safeguards to help flag dangerous
  emails before they reach employees' inboxes.