Researchers Found Hackers Deploying Morse Code to Help Evade Detection
A yearlong phishing campaign used various techniques, including deploying Morse code in some cases, to help evade security tools while attempting to harvest the credentials of Office 365 users, according to a report published by Microsoft researchers this week.
As part of this phishing campaign, the attackers deployed a variety of techniques and tools to create realistic-looking phishing emails that resemble invoices with Microsoft Excel HTML spreadsheets attached. If a user opened one of these malicious attachments, the group behind the attack could harvest their Office 365 credentials as well as other details, such as the device’s specific IP address and location.
During the year, the Microsoft researchers found that the attackers behind the campaign changed their tactics and techniques, including obfuscation and encryption mechanisms, about every 37 days on average to help avoid detection by security teams.
The researchers also found the attackers broke the HTML files into multiple segments, which helped make the code look benign to security tools.
“In effect, the attachment is comparable to a jigsaw puzzle: On their own, the individual segments of the HTML file may appear harmless at the code level and may thus slip past conventional security solutions,” the Microsoft researchers note in the report. “Only when these segments are put together and properly decoded does the malicious intent show.”
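The jigsaw effect the researchers describe can be checked from the defender's side. The sketch below is an added example, not code from the Microsoft report or from the campaign: it collects Morse-looking string literals from an HTML attachment, joins them in document order, decodes them, and only then scans for a URL. The string-literal layout, the hex layer under the Morse text, the function names and the sample attachment are assumptions constructed for illustration.

```python
import re

# International Morse code, letters and digits only.
MORSE = dict(zip(
    ".- -... -.-. -.. . ..-. --. .... .. .--- -.- .-.. -- -. --- .--. --.- "
    ".-. ... - ..- ...- .-- -..- -.-- --.. ----- .---- ..--- ...-- ....- "
    "..... -.... --... ---.. ----.".split(),
    "abcdefghijklmnopqrstuvwxyz0123456789"))

STRING_LITERAL = re.compile(r"""(["'])(.*?)\1""", re.S)
MORSE_ONLY = re.compile(r"[.\-\s]+")
URL = re.compile(r"https?://", re.I)

def morse_segments(html, min_groups=4):
    """String literals that consist only of dot/dash groups, in document order."""
    literals = (m.group(2) for m in STRING_LITERAL.finditer(html))
    return [s for s in literals
            if MORSE_ONLY.fullmatch(s) and len(s.split()) >= min_groups]

def decode_morse(text):
    """Decode space-separated Morse groups; unknown groups become '?'."""
    return "".join(MORSE.get(group, "?") for group in text.split())

def reassemble(html):
    """Join every Morse segment, decode, and unwrap one hex layer if present."""
    decoded = decode_morse(" ".join(morse_segments(html)))
    # Assumption of this sketch: the decoded letters may be a hex string.
    if len(decoded) % 2 == 0 and re.fullmatch(r"[0-9a-f]+", decoded):
        decoded = bytes.fromhex(decoded).decode("latin-1")
    return decoded

def has_url(text):
    return bool(URL.search(text))

# Constructed sample attachment: the payload is split across two literals.
SAMPLE = '''<html><body><script>
var a = "-.... ---.. --... ....- --... ....- --... ----- ...-- .- ..--- ..-. ..---";
var b = "..-. --... ---.. ..--- . --... ....- -.... ..... --... ...-- --... ....-";
</script></body></html>'''

if __name__ == "__main__":
    print("raw file has URL:      ", has_url(SAMPLE))
    for seg in morse_segments(SAMPLE):
        print("segment alone has URL: ", has_url(decode_morse(seg)))
    print("reassembled:           ", reassemble(SAMPLE))
```

In the sample the split falls in the middle of a hex byte, so neither segment decodes to anything a URL signature would match; only the joined and decoded result does.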