Friday, November 1, 2024
HomeComputer SecurityNew Phishing Attack Taking Advantages of Vulnerability in Office 365 to Bypass...

New Phishing Attack Taking Advantages of Vulnerability in Office 365 to Bypass all of Microsoft’s Security

Published on

Malware protection

Researchers discovered a new type of advance phishing attack that taking advantages of office 365 vulnerability to bypass all the Microsoft security even though users implemented the Advanced Threat Protection (APT)

Phishing attacks one of the most frequently targeting millions of users nowadays and this attack left all the Office 365 users vulnerable since the attack is more sophisticated and persistent.

Z-WASP vulnerability , a type of Security bypass method which is used by most of the cybercriminals around the world to embedded the obfuscate links within the phishing emails.

- Advertisement - SIEM as a Service

It helps attackers to evade the phishing URL from Office 365 Security and Office 365 ATP, also it has the ability to bypass an Office 365’s URL reputation check and Safe Links URL protection.

Even though Z-WASP vulnerability effect is very simple structure, impact of its attack is highly destructive

Zero-Width Spaces  (Z-WASP)

Z-WASP is a method of hiding special characters in empty space which means that render to spaces of zero-width.

According to avanan, “Un-rendered (in their raw HTML form), ZWSPs appear like a mishmash of numbers and special characters randomly inserted between the letters a word or a URL; rendered in the browser, however, they are formatted to be invisible, resulting in what appears to be a standard URL”

 There are 5 ZWSP entities:

  • ​ (Zero-Width Space)
  • ‌ (Zero-Width Non-Joiner)
  • ‍ (Zero-Width Joiner)
  •  (Zero-Width No-Break Space)
  • 0 (Full-Width Digit Zero)

Working Method of Z-WASP Phishing Attacks

Further analysis conducted with the Z-WASP implemented Phishing emails reveal that middle of the malicious URL’s contain Zero-Width Non-Joiner (‌
 (‌ ‌) that considers as a legitimate URL by Office 365 ATP security check.

This Phishing URL delivered to targeted users via email but unfortunately users cannot see the ZWSPs in the URL.

once user click the URL it redirect to the credential harvesting phishing site. 

here you can see the how www.google.com viewed URL that containing ZWSPs to Microsoft Security .

How the URL looks to Microsoft Security:
http‌s://go‌ogle.co‌m/

Here you can see the complete demo video:


The Z-WASP attack is another chain in a list of exploits that are designed to obfuscate malicious content and confuse Office 365 security. Two similar exploits uncovered last year include the baseStriker and ZeroFont attacks, Avanan said.


You can follow us on Linkedin, Twitter, Facebook for daily Cybersecurity updates also you can take the Best Cybersecurity courses online to keep your self-updated.

Also Read:

Beware !! These 22 Malware Apps in Playstore Drained Your Battery & Steal Personal Data – 2M Users Infected

Android Malware in QR Code apps that Downloaded More than 500,000 times from Play Store

Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Latest articles

LightSpy iOS Malware Enhanced with 28 New Destructive Plugins

The LightSpy threat actor exploited publicly available vulnerabilities and jailbreak kits to compromise iOS...

ATPC Cyber Forum to Focus on Next Generation Cybersecurity and Artificial Intelligence Issues

White House National Cyber Director, CEOs, Key Financial Services Companies, Congressional and Executive Branch...

New PySilon RAT Abusing Discord Platform to Maintain Persistence

Cybersecurity experts have identified a new Remote Access Trojan (RAT) named PySilon. This Trojan...

Konni APT Hackers Attacking Organizations with New Spear-Phishing Tactics

The notorious Konni Advanced Persistent Threat (APT) group has intensified its cyber assault on...

Free Webinar

Protect Websites & APIs from Malware Attack

Malware targeting customer-facing websites and API applications poses significant risks, including compliance violations, defacements, and even blacklisting.

Join us for an insightful webinar featuring Vivek Gopalan, VP of Products at Indusface, as he shares effective strategies for safeguarding websites and APIs against malware.

Discussion points

Scan DOM, internal links, and JavaScript libraries for hidden malware.
Detect website defacements in real time.
Protect your brand by monitoring for potential blacklisting.
Prevent malware from infiltrating your server and cloud infrastructure.

More like this

LightSpy iOS Malware Enhanced with 28 New Destructive Plugins

The LightSpy threat actor exploited publicly available vulnerabilities and jailbreak kits to compromise iOS...

New PySilon RAT Abusing Discord Platform to Maintain Persistence

Cybersecurity experts have identified a new Remote Access Trojan (RAT) named PySilon. This Trojan...

Konni APT Hackers Attacking Organizations with New Spear-Phishing Tactics

The notorious Konni Advanced Persistent Threat (APT) group has intensified its cyber assault on...