Cyber Threats Snapshot: report into cyber attacks during the third quarter of 2021

03 November 2021

The Cyber Threats Report for the third quarter of 2021 has been published. Analysis of threat actors, vulnerabilities and cybercrime activities, carried out by Leonardo's Security Operation Centre, highlighted three particularly significant trends between July and September.

  • Morse code usage as an obfuscation technique
  • Phishing-as-a-service
  • ‘Living off the land’ attacks

Hidden behind Morse code

Among the most interesting news of the quarter, a year-long phishing campaign, using the Morse code technique as a new method to avoid detection, was identified. This obfuscation technique sees the Morse alphabet replace Latin characters of URLs in order to evade controls. Then they can be decrypted once the protections have been bypassed. The final objective of the campaign was the collection of usernames, passwords and information such as IP addresses and the geo-location of machines – information that attackers could use at a later time to conduct subsequent intrusion attempts.

The phenomenon of cybercrime-as-a-service continues, namely the availability of malware templates and malicious programs ready to use. In September, in particular, a large-scale Phishing-as-a-Service (PHaaS) campaign called BulletProofLink (also known as Anthrax) was identified. The operation provided over 100 different phishing models reproducing a large number of well-known brands and services. The attacks were carried out via email with attachments consisting of compressed files containing an ad-hoc template for the victim.

Hit without leaving traces on the hard drive

So-called 'living off the land' attacks have also increased in the last three months. These are carried out using integrated and legitimate tools, interfaces and services (such as PowerShell or WMI) to perform malicious actions. These attacks are also called 'fileless' because no malicious files are installed on the hard drive, and are therefore more difficult to recognise. One particular attack, recorded in September, aimed to spread malware that affects financial services and POS (Point of Sale, the device allowing the purchase of goods or services using a payment/credit card) through a word document attached to an email.

Download the complete report:  

For more information, please email:
Follow us on Twitter, LinkedIn and Instagram to be in touch with our initiatives.