Potential Security Threat: baseStriker Office 365 Vulnerability
There is a recently discovered Office 365 vulnerability that takes advantage of a flaw in Microsoft’s security, including it’s advanced services (ATP, Safelinks, etc). The method, called baseStriker, allows hackers to split malicious links into two separate types and lines of code to disguise its content. Microsoft’s security system currently scans the two incomplete links individually and is thus unable to identify them as malicious.
This is being considered Office 365's largest ever security flaw. At this point, Microsoft has not released a fix.
So far, hackers have only been seen using this vulnerability to send phishing attacks, but it also has the capability of distributing ransomware, and other malicious content.
No matter how strong your security settings are, it’s always important to be mindful of emails that come through that are either unexpected or contain unusual requests. We recommend you take extra care when reviewing such emails and to contact your IT support immediately if one arises.Your security is not something that should be taken lightly.
Are you unsure of what characteristics to look out for when trying to identify a phishing email?
We have a detailed list available to ensure you are as prepared as can be. We also have a handy quiz to test your detection skills.