Microsoft Office susceptible to homograph attacks

It is already a reality, all Microsoft Office applications are susceptible to homograph phishing attacks that use internationalized domain names. This is revealed by the new Bitdefender research.

The names used by MS Office (including Outlook, Word, Excel, OneNote, and PowerPoint) are virtually unrecognizable to the user, which makes the probability of clicking on a malicious link extremely high.

The company had already informed Microsoft about the existence of this problem in October 2021. The company’s Security Response Center confirmed these findings, but as of today it is not clear that Microsoft has taken any action.

Microsoft Office susceptible to attack

Homograph phishing attacks are based on the idea of ​​using similar characters to impersonate another site, for example g00gle.com. However, IDN-based homograph attacks go a step further and are very difficult to detect.

Although homograph attacks are unlikely to become widespread, as they are not easy to set up and maintain, they are a dangerous and effective tool used for campaigns based on advanced persistent threats (APTs) or other high-level techniques.

Microsoft Office applications susceptible to homograph attacks

These campaigns seek specific targets that provide significant value, whether they are specific companies, such as banks, or specific activities, such as the exchange of cryptocurrencies.

Security advice

The company urges companies to be alert and take different measures:

• Include information about homograph attacks in training and awareness activities for your employees.
• Implement an endpoint security solution that detects and blocks malicious websites.
• Use IP and URL reputation services on all your devices.