To evade detection, hackers are requiring targets to complete CAPTCHAs

Found on Ars Technica on Friday, 19 June 2020
Browse Internet

Microsoft recently spotted an attack group distributing a malicious Excel document on a site requiring users to complete a CAPTCHA, most likely in an attempt to thwart automated detection by good guys.

Periodically changing up attack routines is one way attackers stay ahead of defenders, creating a never-ending back-and-forth process that requires constant vigilance for defenders to stay on top of. It’s likely the attack group will change course again in the coming months.

Captchas are bad enough already. If someone mails you anything that brings up a captcha, ignore it. Even if it is legit.