A new hacker attack uses Morse code to "hack" corporate email systems, Microsoft said in a blog post. The attack was the work of an extensive and sophisticated network of cybercriminals orchestrating "phishing campaigns."
Microsoft analysts found the use of old techniques involving "slicing" HTML code, as well as the use of "rhythms" characteristic of Morse code.
A malicious email contains an attachment in which individual HTML file segments may appear harmless at the code level, so they easily pass the standard security of corporate email systems. When these segments are assembled and decoded appropriately, that's when the malicious action occurs. To the user, it takes the form of a fake account window or notification masquerading as a Microsoft Office 365 account. Essentially, the attack is broken down into pieces, which are then put together like a puzzle to execute the full sequence of the attacker's actions.
The primary goal of the attack is to collect usernames and passwords, but it also collects other data that may be useful to hackers, such as IP address and location. These can later be used for other attacks.
To mislead the victim, emails come with an XLS format attachment. These emails cleverly mimic traditional financial correspondence, so users open the attachment without thinking.
Using Morse code can hide all attack segments. Some of the code segments are not even present in the attachment itself. Instead, they reside in various public directories and are called by encrypted scripts.
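For defenders, the encoding described above is itself a usable signal: long runs of dot-and-dash groups have little reason to appear inside an HTML attachment. The following scanner is an added example, not code from Microsoft or from the campaign; the sample strings are constructed, and the run-length threshold and keyword list are assumed heuristics to be tuned against real mail.

```python
import re

# Standard International Morse code table (letters and digits only).
MORSE = {
    ".-": "a", "-...": "b", "-.-.": "c", "-..": "d", ".": "e", "..-.": "f",
    "--.": "g", "....": "h", "..": "i", ".---": "j", "-.-": "k", ".-..": "l",
    "--": "m", "-.": "n", "---": "o", ".--.": "p", "--.-": "q", ".-.": "r",
    "...": "s", "-": "t", "..-": "u", "...-": "v", ".--": "w", "-..-": "x",
    "-.--": "y", "--..": "z", "-----": "0", ".----": "1", "..---": "2",
    "...--": "3", "....-": "4", ".....": "5", "-....": "6", "--...": "7",
    "---..": "8", "----.": "9",
}

# Assumed heuristic: 8 or more space-separated dot/dash groups form a "run".
MIN_TOKENS = 8
MORSE_RUN = re.compile(r"(?<![.\-])(?:[.\-]{1,5} ){%d,}[.\-]{1,5}" % (MIN_TOKENS - 1))
# Assumed keywords suggesting the decoded text references a script or URL.
LOADER_HINT = re.compile(r"http|script|src|href")

# Constructed samples: one attachment hiding a string in Morse, one benign.
SAMPLE = '<html><script>var p = "... -.-. .-. .. .--. - ... .-. -.-.";</script></html>'
BENIGN = "<p>Invoice 1,200.50 - see page 3...</p>"


def decode_morse(run):
    """Decode one run; groups outside the table become '?'."""
    return "".join(MORSE.get(tok, "?") for tok in run.split(" "))


def scan_attachment(html):
    """Return findings for valid Morse runs found in an HTML attachment."""
    findings = []
    for m in MORSE_RUN.finditer(html):
        decoded = decode_morse(m.group(0))
        if "?" in decoded:
            continue  # not valid Morse, e.g. separators or ASCII art
        findings.append({
            "offset": m.start(),
            "decoded": decoded,
            "suspicious": bool(LOADER_HINT.search(decoded)),
        })
    return findings


if __name__ == "__main__":
    for finding in scan_attachment(SAMPLE):
        print(finding)
```

A finding marked suspicious is a reason to quarantine the attachment for analysis, not proof of phishing, since the check only shows that decoded Morse text mentions a script or URL.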
To combat this threat, Microsoft is developing new algorithms to dynamically protect all domains, all of its email services, endpoints, credentials, and cloud applications.