Microsoft Office is a suite of office-related applications. It is one of the most widely used office suites worldwide. Thanks to its popularity, it is also a frequent target of hackers. Security researchers at Bitdefender have stated that Microsoft’s office suite can be abused to launch a series of phishing attacks targeting users of Outlook, Word, Excel, OneNote and PowerPoint. Called homograph attacks, they are said to be smart enough to fool even the most savvy internet users. Therefore, it is important for users to be very careful.
What are homograph attacks?
Homograph attacks abuse similar-looking characters to fool users (e.g. “Microsoft”). The potential for these attacks is greatly increased when they are based on internationalized domain names (IDNs) and are used against applications, rather than browsers. Bitdefender analysts have found that none of the Microsoft Office applications is protected against such attacks. The researchers tested how these applications behaved when they encountered an IDN homograph attack.
These attacks tend to abuse the internationalization of the internet. In the early days, all domains on the web used the Latin alphabet, which consisted of 26 characters. Later, the internet expanded to include more characters, including the Cyrillic alphabet (used in Eastern Europe and Russia). This has given attackers a wide playing field to combine different characters and create phishing websites with URLs that look a lot like the authentic website.
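A defensive check for the mixed-script trick described above, as an added example that is not from Bitdefender or the original article: it flags hostname labels that mix scripts and returns the ASCII (Punycode) form that is actually resolved. The function names and the `.example` URLs are constructed for illustration, and script detection is approximated from Unicode character names because the Python standard library exposes no script property.

```python
import unicodedata
from urllib.parse import urlsplit


def label_scripts(label):
    """Approximate the scripts used in one DNS label from Unicode character names."""
    scripts = set()
    for ch in label:
        if ch in "0123456789-":
            continue  # digits and hyphens are shared by every script
        name = unicodedata.name(ch, "UNKNOWN")
        scripts.add(name.split(" ")[0])  # e.g. LATIN, CYRILLIC, GREEK
    return scripts


def inspect_url(url):
    """Return (ascii_host, findings) for the host part of a link."""
    host = urlsplit(url).hostname or ""
    findings = []
    for label in host.split("."):
        scripts = label_scripts(label)
        if len(scripts) > 1:
            findings.append(f"mixed scripts in '{label}': {sorted(scripts)}")
        elif scripts and scripts != {"LATIN"}:
            findings.append(f"non-Latin label '{label}': {sorted(scripts)}")
    try:
        # The stdlib codec implements IDNA 2003; this is the name sent to DNS.
        ascii_host = host.encode("idna").decode("ascii")
    except UnicodeError:
        ascii_host = None
        findings.append("host cannot be converted to an ASCII IDN form")
    return ascii_host, findings


if __name__ == "__main__":
    # Constructed sample links; the second swaps Latin 'o' for Cyrillic U+043E.
    samples = [
        "https://microsoft.example/login",
        "https://micr\u043esoft.example/login",
    ]
    for url in samples:
        ascii_host, findings = inspect_url(url)
        print(ascii_host, findings or "no findings")
```

Showing the returned ASCII host next to the displayed link text is what exposes the lookalike: the spoofed name becomes an `xn--` label, while the genuine one is unchanged.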
How it might affect users
Put simply, attackers can force Microsoft Office applications, such as Outlook, to display a link that looks legitimate. Users may not be able to tell the difference until the website is opened in their browser. In some cases, when users visit these malicious websites, it triggers malware downloads.
Meanwhile, the good news is that Bitdefender has stated that such an attack is not easy to execute and is unlikely to be used on a large scale. However, this vulnerability can be abused as a powerful weapon for targeted attacks, such as state-sponsored attackers targeting high-value companies to steal their passwords and other sensitive data.
Microsoft’s response to this security issue
Bitdefender reported the issue to Microsoft in October 2021, and the tech giant has acknowledged that the threat is real. However, the company has yet to release a patch to fix this issue.