Microsoft’s Advanced Threat Protection (ATP) includes a feature called Safe Links. Office 365 Safe Links basically curb all the malicious links coming via phishing emails or documents. Safe Links checks the URL to see if it is blacklisted by Microsoft or any ATP customer or points to any malware. If such malicious link URL appears anywhere it is forbidden for clicking and the users are immediately informed about the same.
However, researchers at Avanan say that hackers have found a way to bypass Office 365 Safe Links by simply splitting the malicious link URL using HTML <base> tag. Here is how they are doing it:
Such an attack is termed as baseStriker attack as it exploits the <base> tag in the header of the HTML page or document. If <base> tag is defined in the header of an HTML page, all subsequent links in the HTML body will take that as starting point for constructing the full URL as shown in the above image.
The researchers tested the baseStriker attack against several configurations and found that “anyone using Office 365 in any configuration is vulnerable,” be it web-based client, mobile app or desktop application of OutLook. What makes these attacks even more interesting is that the most of the URLs used by the hackers to bypass safe links are already blacklisted by Microsoft.
Microsoft has been made aware of these attacks and the company has launched an investigation. “Microsoft has a customer commitment to investigate reported security issues and provide resolution as soon as possible,” a Microsoft spokesperson said. “We encourage customers to practice safe computing habits by avoiding opening links in emails from senders they don’t recognize.”
However, Routeget Technologies Customers are well protected & would not need to bother with this type of email phishing attack. Routeget Technologies helps in identifying spam emails as well as intruders in your system and take preventive measures. The firewalls are well equipped to keep your organization safe, up and running.
Amit Gaurav, is a 20-year veteran of the information technology industry, serves as Sr. Director of the MENA and APAC for Routeget Technologies Limited. He is responsible for the overall performance of the company’s operations in the entire APAC, MENA, and Indian subcontinent.
In this role, Amit is responsible for the long-term strategic development and execution of the company’s global operations and engineering efforts. Among his key priorities is ensuring the alignment of core business functions, including corporate financials with global supply chain operations and delivering continuous improvement – Lean – across the operations and engineering functions. Other focus areas include establishing and maintaining the policies and initiatives related to Quality, Health, and Safety.
Amit Gaurav has a wealth of experience in business management, new business acquisition, and account management. His success and extensive experience in Enterprise solutions suite and business development management are power-packed.
A family man, proud father of cutie “Aahana” and a through-and-through Barcelona & CSK supporter, Amit enjoys nothing more than kicking back at the weekend to play games with his daughter.
Amit Gaurav, is a 20-year veteran of the information technology industry, serves as Sr. Director of the MENA and APAC for Routeget Technologies Limited. He is responsible for the overall performance of the company’s operations in the entire APAC, MENA, and Indian subcontinent.
In this role, Amit is responsible for the long-term strategic development and execution of the company’s global operations and engineering efforts. Among his key priorities is ensuring the alignment of core business functions, including corporate financials with global supply chain operations and delivering continuous improvement – Lean – across the operations and engineering functions. Other focus areas include establishing and maintaining the policies and initiatives related to Quality, Health, and Safety.
Amit Gaurav has a wealth of experience in business management, new business acquisition, and account management. His success and extensive experience in Enterprise solutions suite and business development management are power-packed.
A family man, proud father of cutie “Aahana” and a through-and-through Barcelona & CSK supporter, Amit enjoys nothing more than kicking back at the weekend to play games with his daughter.
Leave a Reply