F.A.S.T. Reports Sharp Increase in Attempts to Bypass Antispam Solutions Using Homoglyphs
In the third quarter of 2023, the number of malicious mailings using homoglyphs to bypass antispam solutions increased significantly, according to F.A.S.T., a cybersecurity company. Compared to the same period in 2022, there was an 11-fold rise in such emails. Cybercriminals most commonly replace the letters E, O, C, and A with homoglyphs in their attacks.
The surge in the use of homoglyphs in malicious emails was observed at the beginning of this year, as highlighted by specialists from the Cybersecurity Center F.A.C.T. Operators of the SUTSNAKE stealer, a malicious program designed to steal accounting data from victims’ browsers, applications, and cryptocurrencies, have been found to employ this technique. In August, the stealer malware was disguised as an investigative letter: employees of companies received emails supposedly requesting their testimony in a criminal case. However, the emails contained an archive with harmful homoglyphs.
Using homoglyphs allows cybercriminals to evade incoming and outgoing mail filtering systems, thereby increasing the chances of delivering malicious messages to the intended recipients. Attackers often insert Latin homoglyphs into Russian emails, while other alphabets or special symbols have not yet been used in this manner. It is important to note that different letters may be replaced with homoglyphs in different variants within a single malicious mailing.
F.A.S.T. emphasizes that the use of homoglyphs as a deception method remains effective. This approach can bypass simple antispam systems, and users who click on suspicious links or open attachments from such emails put their electronic accounts and even corporate networks at risk.
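A mail filter can counter the substitution described above by flagging words that mix Cyrillic and Latin letters and folding the look-alikes back before keyword matching. The following is an added example, not code from F.A.S.T. or the original article; the lowercase mappings, the function names and the sample subject line are assumptions constructed for illustration.

```python
import re
import unicodedata

# Latin look-alikes named in the article (E, O, C, A) mapped to Cyrillic.
# Lowercase forms are an assumption added here; escapes avoid ambiguity.
LATIN_TO_CYRILLIC = {
    "E": "\u0415", "O": "\u041e", "C": "\u0421", "A": "\u0410",
    "e": "\u0435", "o": "\u043e", "c": "\u0441", "a": "\u0430",
}
WORD_RE = re.compile(r"[^\W\d_]+")  # runs of Unicode letters


def script_of(ch):
    """Classify a letter by the script prefix of its Unicode name."""
    name = unicodedata.name(ch, "")
    if name.startswith("CYRILLIC"):
        return "Cyrillic"
    if name.startswith("LATIN"):
        return "Latin"
    return "Other"


def is_mixed(word):
    scripts = {script_of(c) for c in word}
    return {"Cyrillic", "Latin"} <= scripts


def fold(word):
    """Replace known Latin look-alikes with their Cyrillic counterparts."""
    return "".join(LATIN_TO_CYRILLIC.get(c, c) for c in word)


def find_mixed_script_words(text):
    """Return (original, folded) pairs for words mixing both scripts."""
    return [(w, fold(w)) for w in WORD_RE.findall(text) if is_mixed(w)]


def normalize(text):
    """Fold look-alikes only inside mixed-script words, so genuine
    Latin words such as file names are left untouched."""
    return WORD_RE.sub(
        lambda m: fold(m.group()) if is_mixed(m.group()) else m.group(), text)


# Constructed sample: Latin "a" and "o" (written as escapes) inside Russian words.
SAMPLE = "З\u0061пр\u006fс пок\u0061заний: invoice.zip"

if __name__ == "__main__":
    for original, folded in find_mixed_script_words(SAMPLE):
        print(f"mixed-script word {original!r} -> {folded!r}")
    print(normalize(SAMPLE))
```

Because different letters may be substituted in each variant of one mailing, matching on the folded text (or simply on the presence of mixed-script words) is more robust than listing known obfuscated spellings.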