BaseStriker attacks are software attacks that computer hackers use in an attempt to break through the defenses of an account or program. These attacks rely on unique coding and have recently been used in phishing-style campaigns. They’ve been so successful that they’ve grown and evolved, becoming increasingly problematic for small business owners.
The technique is used to get past anti-phishing filters by splitting and masking links with URL tagging code, and researchers have found that Microsoft business products have become a big target. In the past, Microsoft Office 365 used very effective forms of security for its software and cloud-based products. Safe Links and Advanced Threat Protection feature some excellent security protocols.
baseStriker Attacks on the Rise
baseStriker attacks are escalating. Recently Microsoft reported that the security protocols built into Office 365 failed to protect 100 million email users. This is one of the largest security flaws ever reported for Office 365. Unlike similar attacks that could be discovered and blocked, hackers were able to use this vulnerability to completely bypass all of Microsoft’s security. This included its advanced services like ATP and Safe Links.
The name baseStriker originated due to the method hackers used to create this vulnerability. They split and disguise a malicious link using a tag called the <base> URL tag. This results in your antivirus software not being able to detect the link as malicious.
How baseStriker Attacks Work
A malicious link (that would normally be blocked by Microsoft security) is sent to the user. This URL is split into two snippets of HTML: a base tag and a regular href tag. In traditional phishing scams, a malicious link found in an HTML email would be blocked by the security programs found in Office 365. When these programs see a suspicious link, they perform a lookup using a list of known bad links.
For those customers who use Advanced Threat Protection, the suspicious URL is replaced with a “safe link” that prevents the user from proceeding to a phishing website. Using baseStriker methods, a phishing email that contains a malicious link is allowed through the email filters because they are not handling the <base> HTML code correctly.
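As an added illustration (not code from Microsoft, Avanan or the original article), the Python sketch below shows why a filter that looks up each href on its own misses the split link, and how resolving every href against the <base> tag first exposes it. The sample email body, the phish.example and intranet.example domains and the blocklist are constructed for the example.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Constructed sample body: the link is split between <base> and a relative href.
SAMPLE_HTML = """<html><head><base href="https://phish.example/landing/"></head>
<body><p>Your mailbox is almost full.</p>
<a href="login.html">Review storage</a>
<a href="https://intranet.example/help">Help desk</a></body></html>"""

BLOCKLIST = {"phish.example"}  # hypothetical list of known bad hosts


class LinkExtractor(HTMLParser):
    """Collects raw href values and the first <base href>, as a browser would."""

    def __init__(self):
        super().__init__()
        self.base = None
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href")
        if not href:
            return
        if tag == "base" and self.base is None:  # only the first <base> applies
            self.base = href.strip()
        elif tag in ("a", "area"):
            self.hrefs.append(href.strip())


def is_blocked(url):
    """True when the URL's host is on the blocklist; relative URLs have no host."""
    return (urlsplit(url).hostname or "") in BLOCKLIST


def scan(html):
    """Return (naive_hits, base_aware_hits, has_base) for one HTML body."""
    parser = LinkExtractor()
    parser.feed(html)
    parser.close()
    # Naive filter: checks each href exactly as written in the message.
    naive = [h for h in parser.hrefs if is_blocked(h)]
    # Base-aware filter: rebuilds the URL the mail client would actually open.
    resolved = [urljoin(parser.base, h) if parser.base else h for h in parser.hrefs]
    aware = [u for u in resolved if is_blocked(u)]
    return naive, aware, parser.base is not None
```

The third return value lets a mail filter treat the mere presence of a <base> tag in an email body as a signal worth flagging for review.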
How ATP and Safe Links Can Help
Office 365, ATP, and Safe Links, along with Office 365 ATP Safe Attachments combine a number of security features for enterprise organizations. These are offered as part of Office 365 Advanced Threat Protection. Safe Links can help protect your business by providing time-of-click verification of web addresses in both official documents and websites.
This type of security can be customized by setting your own ATP Safe Links policies. Your security team can set up your Office 365 program so that it works the way your business does. Once your ATP Safe Links policies are in place, your security team will get regular reports that show how Advanced Threat Protection is working. This information can help your security team take other steps to create stronger security for your company.
In spite of all these advancements, hackers work harder than ever to find new ways to get through all this security and steal personal and financial information.
What Attacks Have Been Common And What Has Been Done?
Security Affairs explained that baseStriker attacks have been more common in the past year. They were increasingly frequent in October 2017 and have continued since that time. The attacks are most commonly used to bypass Safe Links.
While Safe Links has been improving users' capacity to protect against attacks in programs including Excel, Word, and PowerPoint, baseStriker attacks have intensified.
Gmail users have not been as vulnerable to this specific method of attack because their developers have created base tag detectors. Mimecast has also built in ways to protect Office 365 users with Gmail accounts.
Microsoft is continuing to make improvements that address weaknesses in their security products. Patches and additional security protocols are being developed for the future. The landscape of hacking evolves almost daily so security must evolve as well.
Current forms of Office 365 security attempt to identify potential security risks by scanning base domains, and until software is developed that does not ignore relative URLs, the security risk is expected to remain. Due to this, as Avanan reports, the attack method is analogous to viruses of biological immune systems, with even known attacks not being successfully addressed by Microsoft.
SC Media reported that Microsoft is aware of the issue and has dedicated resources to address it. Of course, they have recommended that customers follow common best practices for safe computer operations, but they have yet to develop software products that are capable of automatic recognition in the same manner as Gmail.
What Can I Do?
Enabling two-step authentication from within Office 365 allows users to reduce their vulnerabilities to information thefts made by malware. Organizations can purchase Advanced Threat Protection and have their security team optimize it for best protection. All employees should be trained on the latest hacking methods so they are well aware of what to look for. Many companies today are hiring IT consultants to come in and assess their security protocols, then recommend improvements.