Security News > 2022 > June > Microsoft Office apps are vulnerable to IDN homograph attacks

Microsoft Office apps - including Outlook and Teams - are vulnerable to homograph attacks based on internationalized domain names.

"Users, who are trained to validate a link in an email client before they click it, will be susceptible to click on it because it has not yet been translated to a real domain name in their browser. The real domain name would only be seen after the page has started to open," Bitdefender researchers warned.

"Punycode can represent Unicode characters using the limited ASCII character set - for example, my localized domain žugec.sk is actually a domain xn-ugec-kbb.sk," Martin Zugec, Technical Solutions Director at Bitdefender, explained.

Spoofed IDN homograph domains are created by combining letters from different alphabets, which to the user look so similar to one another that they make differentiation impossible, but Unicode treats as separate entities/letters.

Since domain registration vetting largely limits which spoofed domains can be registered and most browsers show the spoofed IDN domain's real name, IDN homograph attacks are impractical and uncommon.

In the meantime, endpoint security solutions and IP and URL reputation services should block most suspicious domains, and user awareness training should teach users to always check the destination URL. "As a simple rule, if the URL begins with xn-, the site is suspicious. International domain names are rarely used for non-malicious activities, except for a few countries," he noted, and warned that since these spoofed IDN domains can be equipped with free security certificates, a lock icon present in the address bar should not be treated by users as proof of the domain's legitimacy.

News URL

https://www.helpnetsecurity.com/2022/06/02/microsoft-office-homograph-attacks/