Morse code phishing defeats spam filters

On February 7, 2021, the website Bleeping Computer reported quite an advanced phishing attack based on an ancient communication protocol: Morse code.

Developed back in 1835, the protocol turns the alphabet into binary code and back again. It allows us to communicate by simple bleeps or light signals.

The most famous Morse code is probably ... _ _ _ ... Correct, the SOS distress signal to call for rescue!

The hackers found this technique interesting to use in webpages and to obfuscate phishing URLs that would normally be removed by the most modern anti-spam filters.

How it should work, normally:

When these filters scan an email containing https://eid.belgium.be.youshouldnevergothere.za/change_password and the “youshouldnevergothere.za” domain is blacklisted, they kill the URL or the entire email.

The user can’t click the URL and the issue is solved.

How it is bypassed using Morse code:

The hacker understands the filter mechanism and turns the URL from text format into “.” and “_”.

The filter sees a series of dots and dashes and pays no attention, so the email passes without issue.

Next, the webpage loads code that translates the Morse code back into text and hits the malicious URL.

That’s bad…
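One way a filter could close this gap, shown as an added example that is not code from the original article or from any filter product: decode runs of dots and dashes back into text, then apply the same domain blacklist to the result. The function names, the eight-symbol threshold and the sample message are assumptions made for this illustration; the URL and blacklisted domain are the article's own example.

```python
import re
from urllib.parse import urlsplit

# International Morse table as "char code" pairs: letters, digits, URL punctuation.
_PAIRS = """a .- b -... c -.-. d -.. e . f ..-. g --. h .... i .. j .--- k -.- l .-..
m -- n -. o --- p .--. q --.- r .-. s ... t - u ..- v ...- w .-- x -..- y -.-- z --..
0 ----- 1 .---- 2 ..--- 3 ...-- 4 ....- 5 ..... 6 -.... 7 --... 8 ---.. 9 ----.
. .-.-.- / -..-. : ---... - -....- _ ..--.-""".split()
DECODE = dict(zip(_PAIRS[1::2], _PAIRS[0::2]))
ENCODE = {char: code for code, char in DECODE.items()}

# Eight or more whitespace-separated symbols made only of dots and dashes.
# "_" counts as a dash because the article describes URLs rewritten as "." and "_".
MORSE_RUN = re.compile(r"(?:[._-]{1,6}[ \t]+){7,}[._-]{1,6}")
URL = re.compile(r"https?://[^\s\"'<>]+")

def decode_morse(run):
    """Decode one run; unknown symbols become '?' so partial decodes stay visible."""
    return "".join(DECODE.get(sym.replace("_", "-"), "?") for sym in run.split())

def to_morse(text):
    """Fixture helper: encode text with '_' as the dash, to build the sample below."""
    return " ".join(ENCODE[c].replace("-", "_") for c in text.lower())

def blocked_urls(body, blocklist):
    """Return blocklisted URLs found in the raw body or in any decoded Morse run."""
    texts = [body] + [decode_morse(m.group()) for m in MORSE_RUN.finditer(body)]
    hits = []
    for text in texts:
        for url in URL.findall(text):
            host = (urlsplit(url).hostname or "").lower()
            # Match the blacklisted domain itself or any subdomain of it.
            if any(host == d or host.endswith("." + d) for d in blocklist):
                hits.append(url)
    return hits

# Constructed sample: the article's example URL hidden as Morse inside a message body.
BLOCKLIST = {"youshouldnevergothere.za"}
SAMPLE = ('<p>Your password expires today.</p><script>var m = "'
          + to_morse("https://eid.belgium.be.youshouldnevergothere.za/change_password")
          + '";</script>')

if __name__ == "__main__":
    print(blocked_urls(SAMPLE, BLOCKLIST))
```

The same blacklist that would have stopped the plain-text URL now also catches the encoded one, because the check runs on the decoded text as well as the raw body.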

In the image below you can see how they would set up the Morse code to turn it into a malicious URL.

Want to know more about how the attack works?

What this shows is the effect of using ‘old school’ tools in a ‘modern environment’. We try to protect users, both fixed desktop users and mobile smartphone users, in a ‘new normal’ where there are no more network boundaries. Spam filters certainly have their use, but it’s also certain that they are not the only protection your employees need.

In the previous ‘normal’, the corporate network was protected at the lowest level with anti-spam, anti-malware, etc. to improve protection for the employees. That’s mandatory to ensure the Morse code doesn’t point the user to the bad site. The hackers didn’t invent Morse in 2021; they could have used it for ages, but they didn’t.

Why?
Because before, the network was secured. Even if they defeated the anti-spam, they would get blocked when the PC was trying to reach the phishing server. In the ‘new normal’, and certainly for mobile users (aren’t we all), we need to get this next layer of defence back in place: ON our mobile device.

That’s where MTD (Mobile Threat Defense) and anti-phishing come into play. The modern techniques no longer consume processing power to analyse what data enters a mobile device, because that is impossible. There are so many channels on which you receive data: SMS, WhatsApp, email, … The new way of working is to prevent you from going to malicious phishing sites, very much like in the old days when you were on the corporate network. It’s like having all that super networking protection on your mobile device in your pocket: updated in real time through the cloud and blocking the URLs you shouldn’t go to!

Interested in our help to get protection up and running for your mobile employees? Let us know!
