Urgent warning to Microsoft Office users about “homographic attacks” that can reveal data and why you need to check your spelling

SECURITY experts have issued an urgent warning to Microsoft Office users about “homograf attacks”.

The breach allows downloading malware that can expose your data.

1

Microsoft Office is one of the world’s most widely used suite of Office-related applications.

Thanks to its worldwide popularity, it is also a constant target for hackers.

Recently, analysts at Romanian cybersecurity firm Bitdefender discovered that Microsoft’s office software platform could be misused to launch phishing attacks.

Bitdefender added that the attacks target Outlook, Word, Excel, OneNote, and PowerPoint users.

Dubbed “homograph attacks,” they are said to be intelligent enough to trick even the most internet-savvy. Therefore, it is important that users take extra care and understand what to look out for.

What is a homograph attack?

Homograph attacks abuse similar-looking characters to trick users (e.g. using a “zero” in G00GLE instead of the letter “o” in GOOGLE). The difference is small, but the potential of these attacks increases when they are based on international domain names (IDN).

In a disturbing discovery, Bitdefender analysts found that all Microsoft Office applications are vulnerable to such attacks.

The attacks tend to take advantage of the globalization of the Internet. All web domains used to use the Latin alphabet, which consisted of 26 characters.

However, the internet has since expanded to include more characters, including the Cyrillic alphabet (used in Eastern Europe and Russia). This allowed hackers to combine different characters and create phishing sites with URLs that look very similar to the authentic website.

What to look out for

Hackers and attackers can force Microsoft Office apps like Outlook to display a legitimate-looking link.

Users may not be able to tell the difference until the website opens in their browser. When users land on these malicious websites, it triggers malware download in some cases.

However, there is some good news.

Bitdefender claims that a homograph attack is not easy to perform and is unlikely to be used on a large scale.

However, it warns that the vulnerability can be abused as a highly effective weapon for targeted attacks, such as B. State-sponsored cyber attackers who target certain high-value companies to hack their passwords and other sensitive data.

Bitdefender reported the issue to Microsoft in October 2021 and the tech giant acknowledged the threat as real. However, a patch has yet to be released to fix the vulnerability.