Security News > 2022 > June > Microsoft Office apps are vulnerable to IDN homograph attacks
Microsoft Office apps - including Outlook and Teams - are vulnerable to homograph attacks based on internationalized domain names.
"Users, who are trained to validate a link in an email client before they click it, will be susceptible to click on it because it has not yet been translated to a real domain name in their browser. The real domain name would only be seen after the page has started to open," Bitdefender researchers warned.
"Punycode can represent Unicode characters using the limited ASCII character set - for example, my localized domain žugec.sk is actually a domain xn-ugec-kbb.sk," Martin Zugec, Technical Solutions Director at Bitdefender, explained.
Spoofed IDN homograph domains are created by combining letters from different alphabets, which to the user look so similar to one another that they make differentiation impossible, but Unicode treats as separate entities/letters.
Since domain registration vetting largely limits which spoofed domains can be registered and most browsers show the spoofed IDN domain's real name, IDN homograph attacks are impractical and uncommon.
In the meantime, endpoint security solutions and IP and URL reputation services should block most suspicious domains, and user awareness training should teach users to always check the destination URL. "As a simple rule, if the URL begins with xn-, the site is suspicious. International domain names are rarely used for non-malicious activities, except for a few countries," he noted, and warned that since these spoofed IDN domains can be equipped with free security certificates, a lock icon present in the address bar should not be treated by users as proof of the domain's legitimacy.
News URL
https://www.helpnetsecurity.com/2022/06/02/microsoft-office-homograph-attacks/
Related news
- Microsoft Office 2024 now available for Windows and macOS users (source)
- DOJ, Microsoft seize 107 domains used in Russia's Star Blizzard phishing attacks (source)
- Microsoft and DOJ disrupt Russian FSB hackers' attack infrastructure (source)
- Microsoft issues 117 patches – some for flaws already under attack (source)
- Microsoft Detects Growing Use of File Hosting Services in Business Email Compromise Attacks (source)
- Microsoft: Ransomware Attacks Growing More Dangerous, Complex (source)
- VEILDrive Attack Exploits Microsoft Services to Evade Detection and Distribute Malware (source)
- Microsoft patches Windows zero-day exploited in attacks on Ukraine (source)