SECURITY experts have delivered an urgent warning to Microsoft Office users about “homograph attacks”.

The vulnerability can lead to a malware download that exposes your data.

Cybersecurity experts delivered an urgent warning to Microsoft Office users about a potentially damaging phishing attack. Credit: AFP

Microsoft Office is one of the most widely used suites of office-related applications in the world.

Thanks to its global popularity, it’s also a constant target for hackers.

Recently, analysts from Romanian cybersecurity firm Bitdefender discovered that Microsoft’s platform of office software could be abused to launch phishing attacks.

Bitdefender added that the attacks are targeted at users of Outlook, Word, Excel, OneNote and PowerPoint.

Called “homograph attacks,” they are said to be smart enough to trick even the most internet-savvy. So, it’s vital that users be extra careful and understand what to look out for.

What is a homograph attack?

Homograph attacks misuse similar-looking characters to deceive users (e.g. using a “zero” in G00GLE, instead of the letter “o” in GOOGLE). The difference is slight, but the potential of these attacks increases when they are based on internationalized domain names (IDN).

In a disturbing discovery, Bitdefender analysts found that all Microsoft Office applications are unprotected against such attacks.

The attacks tend to exploit the globalization of the internet. Previously, all web domains used the Latin alphabet, which consisted of 26 characters.

However, the internet has since expanded to support additional characters, including those of the Cyrillic alphabet (used in Eastern Europe and Russia). This allowed hackers to combine different characters and create phishing sites with URLs that look very similar to the authentic website.
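As an added illustration (not from Bitdefender or the original article), the Python sketch below shows how a defender could check a hostname taken from a link: it decodes the "xn--" form to what the user is shown, flags labels that mix Latin with another script, and returns the ASCII form that is actually looked up. The function names and the sample hostnames are constructed for this example, and it assumes recipients expect Latin-script names only.

```python
import unicodedata

def script_of(ch):
    """Coarse script from the Unicode character name, e.g. LATIN or CYRILLIC."""
    if not ch.isalpha():
        return "COMMON"  # digits and hyphens belong to no single script
    return unicodedata.name(ch, "UNKNOWN").split(" ")[0]

def to_display(hostname):
    """Decode xn-- (punycode) labels to the Unicode form a user is shown."""
    labels = []
    for label in hostname.lower().split("."):
        if label.startswith("xn--"):
            label = label[4:].encode("ascii").decode("punycode")
        labels.append(label)
    return ".".join(labels)

def to_ascii(hostname):
    """Encode non-ASCII labels to the xn-- form that is looked up in DNS."""
    labels = []
    for label in hostname.lower().split("."):
        if not label.isascii():
            label = "xn--" + label.encode("punycode").decode("ascii")
        labels.append(label)
    return ".".join(labels)

def check_hostname(hostname):
    """Return (ascii_form, findings) for one hostname taken from a link."""
    display = to_display(hostname)
    findings = []
    for label in display.split("."):
        scripts = {script_of(c) for c in label} - {"COMMON"}
        if len(scripts) > 1:
            findings.append(f"mixed scripts in {label!r}: {sorted(scripts)}")
        elif scripts and scripts != {"LATIN"}:
            # Assumption: recipients expect Latin-script names only.
            findings.append(f"non-Latin label {label!r}: {sorted(scripts)}")
    return to_ascii(display), findings

# Constructed samples: Cyrillic U+0430 in place of Latin "a", its xn-- form,
# and a plain ASCII name for comparison.
SAMPLES = ["ex\u0430mple.com", "xn--exmple-4nf.com", "microsoft.com"]

if __name__ == "__main__":
    for host in SAMPLES:
        print(host, "->", check_hostname(host))
```

A digit-for-letter swap such as G00GLE is plain ASCII and passes this check, because no second script is involved; catching those requires comparing the name against a list of expected domains.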

What to look out for

Hackers and bad actors can force Microsoft Office apps, like Outlook, to show a link that looks legitimate.

Users may not be able to tell the difference until the site is opened in their browser. In some cases, landing on one of these malicious websites triggers a malware download.

There is some good news, however.

Bitdefender claims that a homograph attack is not easy to carry out, and is unlikely to be used at scale.

However, it warns the vulnerability can be abused as a highly potent weapon for targeted attacks, like state-sponsored cyber attackers targeting certain high-value companies to hack their passwords and other sensitive data.

Bitdefender reported the issue to Microsoft in October 2021 and the tech giant acknowledged the threat as real. However, it has yet to issue a patch to fix the vulnerability.

This post first appeared on Thesun.co.uk
