In recent cybersecurity news, an article on how malicious attackers can abuse Microsoft Office executables to download malware has been getting a lot of attention. This news adds to several others that report on the Microsoft database hacks or the Microsoft Exchange Hack.
These news underline why ditching Microsoft Outlook for a more secure email service becomes more and more attractive.
The article discusses how legitimate binaries and scripts within the Windows operating system, known as LOLBAS (Living-off-the-Land Binaries and Scripts), are being exploited by attackers for malicious purposes. Specifically, the article mentions that Microsoft Office executables, including those for Outlook, Publisher, and Access, can be abused by attackers to download and run malware.
The LOLBAS project is an open source project that compiles a list of these legitimate tools that malicious attackers can misuse for post-exploitation activities, enabling them to download and execute payloads without triggering defensive mechanisms.
The project currently lists over 150 Windows-related binaries, libraries, and scripts that can aid attackers in executing malicious files or bypassing security measures.
Nir Chako, a security researcher from Pentera, conducted research into this area, manually tested various Microsoft Office executables. He identified three, namely executables—MsoHtmEd.exe, MSPub.exe, and ProtocolHandler.exe, that could be exploited to download third-party files, fitting the criteria of LOLBAS.
Through automation, Chako discovered additional downloaders, increasing the official LOLBAS downloaders list by almost 30%. Chako also found other files, not only from Microsoft but also from developers like JetBrains (e.g., elevator.exe) and Git (e.g., mkpasswd.exe), that meet the LOLBAS criteria and can potentially be misused for malicious purposes, such as reconnaissance.
While some of these executables have been confirmed to download payloads from remote servers, others are awaiting inclusion in the LOLBAS list due to a technical error in the submission process.
Chako's research aims to raise awareness about LOLBAS threats and help defenders develop strategies to prevent or mitigate cyberattacks. Pentera has published a paper detailing how researchers, red-teamers, and defenders can identify new LOLBAS files.
These risks in Microsoft Outlook must not be underestimated and show once again that email services focusing on security and privacy are the better alternative.
Using Tutanota email clients offers a proactive approach to mitigating the risks associated with using Microsoft Outlook and other email services from big tech companies. Tutanota employs robust security measures that can significantly enhance users' protection against various vulnerabilities and potential attacks. One key advantage lies in Tutanota's end-to-end encryption, which ensures that only the intended recipients can access the content of emails, making it impossible for malicious actors to intercept or manipulate messages.
Unlike mainstream providers, Tutanota adheres to a strict zero-access architecture, meaning that even we cannot access the decrypted content of users' emails.
Tutanota's focus on open-source software and its commitment to transparency contribute further to its security posture. The open-source nature of Tutanota's clients allows security experts to scrutinize the code for vulnerabilities, helping to ensure that any potential issues are identified and resolved promptly. This community-driven approach fosters a strong ecosystem of accountability and continuous improvement, reducing the likelihood of hidden exploits that could be leveraged by potential attackers.
In essence, Tutanota's emphasis on encryption, privacy, and open-source development creates a more secure email environment, mitigating the risks associated with traditional big tech email services like Microsoft Outlook and others.
Tutanota offers an ideal solution for individuals seeking to create new email accounts with enhanced security. When establishing a professional email presence, opting for Tutanota's services is the safest choice. Its end-to-end encryption ensures that sensitive business communications remain confidential and impervious to unauthorized access. By creating a professional email account through Tutanota, users secure their digital communication channels against potential exploits that malicious attackers might target in commonly used email clients, mitigating cybersecurity risks.