Microsoft Office is the suite of document applications offered by Microsoft for Windows, although now we can find its variables for tablets and smartphones. But although they are excellent tools to work with the different types of documents that exist, they are under threat of homograph attacks by cybercriminals. Learn the details in this article.
Read: The community of Navarra returns to the paper era due to ransomware
There are homograph attacks through Microsoft Office applications
The Microsoft Office suite has been under study since last year due to certain characteristics that put it, and the rest of the users’ information at risk. Bitdefender has just released a report detailing these risks. And not only is it concerned with this increase in homograph attacks, but also that they are carried out with internationalized domain names (IDN).
Homograph attacks are nothing more than a variable of phishing attacks; these use similar names of well-known sites but use special characters that, at first glance, it’s hard to notice the difference. An example of this is: g00gle.com. For the users and the fast pace of life that they do not stop to review and read incoming emails or messages thoroughly, so it is easy to fall into the attack.
However, using these attacks with IDN raises their category and makes them very difficult to detect. Although, it should be clarified that these types of attacks are not very common since they are difficult to configure and maintain in the long term. But they can be very effective since it becomes unrecognizable for users to notice the difference, and the probability of clicking on a document is very high. Also, when these attacks are used, the targets are generally important companies or a determining activity such as cryptocurrencies.
It should be clarified that Bitdefender has already reported its findings to Microsoft since October of last year. Still, to date, it is unknown whether corrective measures have been taken, despite recognizing the flaws. Finally, companies should be ready for any contingency, including training employees in cybersecurity and having the best systems measures.
Keep in touch with our blog to read the latest news and innovations in the cybersecurity world.
Photo by Ed Hardie on Unsplash
Facebook: Eagle Tech Corp
LinkedIn: Eagle Tech
YouTube: Eagle Tech Corp