Microsoft Office users, researchers have a ‘warning’ for you

Microsoft Office is a suite of office-related applications. It is one of the most widely used sets of office applications worldwide. Thanks to its popularity, it is also a constant target of hackers. Security researchers at Bitdefender have claimed that Microsoft’s suite of office software could be abused to launch a range of phishing attacks targeted at users of Outlook, Word, Excel, OneNote and PowerPoint. Called homograph attacks, these are claimed to be smart enough to trick even the most internet-savvy users. So, it is important for users to be extra careful.
What are homograph attacks
Homograph attacks misuse similar-looking characters to deceive users (for example, “Microsoft”). The potential of these attacks increases a lot when they are based on internationalized domain names (IDNs) and are used against apps instead of browsers. Bitdefender analysts found that all Microsoft Office applications are unprotected against such attacks. The researchers tested how these applications behaved when they encountered an IDN homograph attack.
These attacks misuse the internationalisation of the internet. In the early days, all domains on the web used the Latin alphabet, which consisted of 26 characters. Later on, the internet expanded to include more characters, such as those of the Cyrillic alphabet (used in Eastern Europe and Russia). This gave attackers a wide playground in which to combine different characters and create phishing sites with URLs that look very similar to the authentic website.
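A defender can check a link before it is shown or clicked by looking at the scripts used in each part of the hostname and at the ASCII form that is actually resolved. The following is an added example, not code from Bitdefender or Microsoft; the function names and the sample links (built on example.com and the reserved .example domain) are constructed for illustration.

```python
import unicodedata
from urllib.parse import urlsplit

def scripts_in(label):
    """Scripts used by the letters of one DNS label, taken from the first
    word of each character's Unicode name (LATIN, CYRILLIC, GREEK, ...)."""
    return {unicodedata.name(ch, "UNKNOWN").split()[0]
            for ch in label if ch.isalpha()}

def inspect_link(url):
    """Report what the hostname of a displayed link really consists of."""
    host = (urlsplit(url).hostname or "").rstrip(".")
    labels = host.split(".")
    try:
        # ASCII ("xn--") form of the name, as it is looked up in DNS.
        ascii_form = host.encode("idna").decode("ascii")
    except UnicodeError:
        ascii_form = None  # not encodable as an IDN: treat as suspicious
    # A single label that mixes alphabets is the classic homograph pattern.
    mixed = [label for label in labels if len(scripts_in(label)) > 1]
    return {
        "host": host,
        "ascii_form": ascii_form,
        "non_ascii": not host.isascii(),
        "mixed_script_labels": mixed,
        "suspicious": bool(mixed) or ascii_form is None,
    }

# Constructed sample links (not taken from the article).
SAMPLES = [
    "https://example.com/reset",                              # plain Latin
    "https://ex\u0430mple.com/reset",                         # U+0430 CYRILLIC SMALL LETTER A
    "https://\u043f\u0440\u0438\u043c\u0435\u0440.example/",  # label entirely in Cyrillic
]

if __name__ == "__main__":
    for url in SAMPLES:
        result = inspect_link(url)
        verdict = "SUSPICIOUS" if result["suspicious"] else "ok"
        print(f"{verdict:10} {result['host']!r} -> {result['ascii_form']}")
```

A label written entirely in one non-Latin script is a legitimate IDN and is not flagged by the mixed-script check, so showing `ascii_form` next to the displayed name is what exposes a lookalike built from a single alphabet.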
How can it affect users
Put simply, hackers and bad actors can force Microsoft Office apps, say Outlook, to show a link that looks legitimate. Users may not be able to tell the difference until the site is opened in their browser. In some cases, landing on these malicious websites triggers a malware download.
The good news is that Bitdefender has claimed that such an attack is not easy to carry out and is unlikely to be used at scale. However, this vulnerability can be abused as a highly potent weapon in targeted attacks, such as state-sponsored attackers targeting certain high-value companies to steal their passwords and other sensitive data.
Microsoft’s reaction to this security issue
Bitdefender reported this issue to Microsoft in October 2021, and the tech giant has acknowledged the threat as real. However, the company has not issued a patch to fix the issue.
