Feb 10 — A vintage phishing technique involving mislabeled files is effectively coercing Microsoft 365 users into divulging their credentials.
Researchers report that bad actors are using Right-to-Left Override (RLO) attacks to dupe victims into executing files that include malicious extensions. When victims open the files, they are asked to type in their Microsoft 365 login information.
Right-to-Left Override attacks
Over the past two weeks, threat analysts have identified more than 200 RLO attacks on Microsoft 365 users. RLO spoofing was once a relatively popular method for hiding malware within attachments.
Analysts believe that attackers may be using this attack to take advantage of the expansion of remote work, as RLO spoofing is generally more convincing in the absence of interpersonal communications.
The precise exploit in use has existed for more than a decade and was initially reported as CVE-2009-3376.
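For mail-gateway or endpoint triage, one way to catch the mislabeled attachments described above is to look for Unicode bidirectional control characters in the filename and compare the extension the system uses with the one a user would see. This is an added example, not code from the researchers or from Microsoft; the sample filenames are constructed, and the rendering model is a simplifying assumption that reorders only U+202E runs.

```python
import os

# Unicode bidirectional control characters; none belongs in an attachment filename.
BIDI_CONTROLS = {
    "\u202a": "LRE", "\u202b": "RLE", "\u202c": "PDF", "\u202d": "LRO",
    "\u202e": "RLO", "\u2066": "LRI", "\u2067": "RLI", "\u2068": "FSI",
    "\u2069": "PDI", "\u200e": "LRM", "\u200f": "RLM", "\u061c": "ALM",
}
RLO, PDF = "\u202e", "\u202c"


def rendered_name(name):
    """Approximate the on-screen name. Simplified model (assumption): only RLO
    runs are reordered, each ending at PDF or at the end of the string."""
    out, i = [], 0
    while i < len(name):
        ch = name[i]
        if ch == RLO:
            end = name.find(PDF, i + 1)
            end = len(name) if end == -1 else end
            run = "".join(c for c in name[i + 1:end] if c not in BIDI_CONTROLS)
            out.append(run[::-1])  # an overridden run is drawn right to left
            i = end + 1
        else:
            if ch not in BIDI_CONTROLS:
                out.append(ch)
            i += 1
    return "".join(out)


def inspect_filename(name):
    """Return the bidi controls found plus the real and displayed extensions."""
    controls = [BIDI_CONTROLS[c] for c in name if c in BIDI_CONTROLS]
    real_ext = os.path.splitext(name)[1].lower()
    shown_ext = os.path.splitext(rendered_name(name))[1].lower()
    return {
        "controls": controls,
        "real_ext": real_ext,
        "shown_ext": shown_ext,
        "flag": bool(controls),                 # any bidi control warrants quarantine
        "ext_mismatch": real_ext != shown_ext,  # user sees a different file type
    }


if __name__ == "__main__":
    # Constructed sample attachment names, not taken from the reported campaign.
    for sample in ["report.pdf", "invoice\u202efdp.html"]:
        print(repr(sample), "->", repr(rendered_name(sample)), inspect_filename(sample))
```

Flagging on the presence of any bidi control, rather than only on an extension mismatch, also covers names where the visible extension happens to match but the rest of the name is reordered.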