Microsoft Office apps are vulnerable to IDN homograph attacks
Microsoft Office apps - including Outlook and Teams - are vulnerable to homograph attacks based on internationalized domain names.
"Users, who are trained to validate a link in an email client before they click it, will be susceptible to click on it because it has not yet been translated to a real domain name in their browser. The real domain name would only be seen after the page has started to open," Bitdefender researchers warned.
"Punycode can represent Unicode characters using the limited ASCII character set - for example, my localized domain žugec.sk is actually a domain xn--ugec-kbb.sk," Martin Zugec, Technical Solutions Director at Bitdefender, explained.
Spoofed IDN homograph domains are created by combining letters from different alphabets that look so similar to the user that telling them apart is impossible, but that Unicode treats as separate entities/letters.
Since domain registration vetting largely limits which spoofed domains can be registered and most browsers show the spoofed IDN domain's real name, IDN homograph attacks are impractical and uncommon.
In the meantime, endpoint security solutions and IP and URL reputation services should block most suspicious domains, and user awareness training should teach users to always check the destination URL. "As a simple rule, if the URL begins with xn--, the site is suspicious. International domain names are rarely used for non-malicious activities, except for a few countries," he noted, and warned that since these spoofed IDN domains can be equipped with free security certificates, a lock icon present in the address bar should not be treated by users as proof of the domain's legitimacy.
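The destination check described above, as an added example (not code from the article or from Bitdefender): it converts a hostname between the Unicode form a mail client may display and the `xn--` form that is actually resolved, and lists labels that mix alphabets. The function names and the lookalike sample are assumptions, and script detection by Unicode character name is a simplification of full IDNA processing.

```python
import unicodedata

ACE_PREFIX = "xn--"  # marks a Punycode-encoded (IDN) label

def to_unicode(label):
    """Decode one DNS label; non-IDN or undecodable labels are returned unchanged."""
    if label.startswith(ACE_PREFIX):
        try:
            return label[len(ACE_PREFIX):].encode("ascii").decode("punycode")
        except UnicodeError:
            return label
    return label

def to_ascii(label):
    """Encode one DNS label to its ASCII form (no nameprep/UTS #46 mapping applied)."""
    if label.isascii():
        return label
    return ACE_PREFIX + label.encode("punycode").decode("ascii")

def scripts(label):
    """Scripts of the letters in a label, taken from Unicode character names."""
    return {unicodedata.name(ch, "UNKNOWN").split()[0] for ch in label if ch.isalpha()}

def inspect_host(host):
    """Return both forms of a hostname plus the labels that mix scripts."""
    labels = [to_unicode(l) for l in host.lower().rstrip(".").split(".")]
    mixed = {l: sorted(scripts(l)) for l in labels if len(scripts(l)) > 1}
    return {
        "ascii": ".".join(to_ascii(l) for l in labels),    # what gets resolved
        "unicode": ".".join(labels),                       # what the user may see
        "is_idn": any(not l.isascii() for l in labels),
        "mixed_script": mixed,                             # homograph indicator
    }

if __name__ == "__main__":
    # Constructed samples: the domain quoted in the article, a lookalike
    # using Cyrillic U+0430 in place of Latin "a", and a plain ASCII host.
    for host in ["xn--ugec-kbb.sk", "\u0430pple.com", "example.com"]:
        print(inspect_host(host))
```

A label that is an IDN but uses a single script, such as the article's own domain, is reported with `is_idn` set and an empty `mixed_script`, which separates legitimate localized names from mixed-alphabet lookalikes.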
News URL
https://www.helpnetsecurity.com/2022/06/02/microsoft-office-homograph-attacks/