Office 365 Zero-Day Dubbed ‘baseStriker’ Used in Phishing Campaigns
Target: Office 365 users
Attack Vector: Phishing
Summary: A new zero-day vulnerability discovered last week, known as baseStriker, allows attackers to send malicious emails that bypass security systems, including Advanced Threat Protection, on Office 365 accounts. The flaw takes advantage of how Office 365 servers scan incoming emails: attackers have discovered a way to bypass the scan by declaring a simple <base> HTML tag in the <head> section. It is being used to carry out more effective and advanced phishing attacks, as links appear genuine after passing through the servers without being scanned. The link could point the victim to a malicious phishing site or to a file that downloads malware.
Risk assessment summary: The threat is assessed as 3c MODERATE, primarily because a fix or patch is not yet available. Although the Office 365 security flaw may be one of the largest to date, this zero-day vulnerability, known as baseStriker, is in its early stages and the overall impact remains unknown. Phishing remains a top attack vector for cybercriminals, and those exploiting this vulnerability are sending well-crafted emails with few, if any, spelling mistakes. It is likely that a large spam campaign using this method will occur in the upcoming days or weeks if a patch is not issued in a timely manner. Office 365 is used by a vast number of large companies, including reportedly over 70% of Fortune 500 companies, and upon successful exploitation the impact would be significant.
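
A defensive check for the technique described in the Summary, as an added example (not code from the original advisory or from Microsoft): it resolves every link in an HTML mail body against any <base> tag, the way a browser does, so that a URL scanner evaluates the destination the user would actually reach. The function and class names and the sample message are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Constructed sample body; the hosts are placeholders, not real indicators.
SAMPLE_BODY = (
    '<html><head><base href="https://files.example.test/shared/"></head>'
    '<body><a href="invoice.html">View invoice</a> '
    '<a href="https://portal.example.org/help">Help</a></body></html>'
)


class BaseAwareLinkExtractor(HTMLParser):
    """Collect <a href> values and the first <base href> in the document."""

    def __init__(self):
        super().__init__()
        self.base_href = None
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        attr = dict(attrs)
        if tag == "base" and self.base_href is None and attr.get("href"):
            self.base_href = attr["href"].strip()  # browsers honour the first one
        elif tag == "a" and attr.get("href"):
            self.hrefs.append(attr["href"].strip())


def effective_links(html_body):
    """Return (base_href, [(raw_href, resolved_url, depends_on_base), ...])."""
    parser = BaseAwareLinkExtractor()
    parser.feed(html_body)
    parser.close()
    results = []
    for raw in parser.hrefs:
        resolved = urljoin(parser.base_href, raw) if parser.base_href else raw
        parts = urlsplit(raw)
        # The href alone names no scheme or host: the destination comes from
        # <base>, so scanning the raw href would miss the real target.
        depends = bool(parser.base_href) and not parts.scheme and not parts.netloc
        results.append((raw, resolved, depends))
    return parser.base_href, results


if __name__ == "__main__":
    base, links = effective_links(SAMPLE_BODY)
    print("base href:", base)
    for raw, resolved, depends in links:
        note = "resolved via <base>, scan this URL" if depends else "absolute"
        print(f"{raw!r} -> {resolved} ({note})")
```

Feed the resolved URLs, not the raw href values, to reputation or sandbox checks, and treat any inbound message where a link depends on <base> as worth extra scrutiny.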