Connect with us

Hi, what are you looking for?

HEADLINES

Eight times more users attacked via an old Microsoft Office vulnerability in Q2

Old versions of applications remain the main targets for attackers, with almost 547,000 users in total being affected through corresponding vulnerabilities in the last quarter. Moreover, the number of users affected by the Microsoft MSHTML Remote Code Execution vulnerability, which was previously spotted in targeted attacks, skyrocketed eight times.

Photo by Luca Bravo from Unsplash.com

In Q2 2022, the number of exploits for vulnerabilities in the Microsoft Office suite increased – accounting for 82% of the total number of exploits across different platforms, according to the latest Kaspersky quarterly malware report. Old versions of applications remain the main targets for attackers, with almost 547,000 users in total being affected through corresponding vulnerabilities in the last quarter. Moreover, the number of users affected by the Microsoft MSHTML Remote Code Execution vulnerability, which was previously spotted in targeted attacks, skyrocketed eight times.

In Q2 2022, the number of attacks exploiting vulnerabilities in the Microsoft Office suite increased – now accounting for 82% of the total number of exploits for different platforms and software, such as Adobe Flash, Android, Java, etc. 

Kaspersky experts found that exploits for the vulnerability, designated CVE-2021-40444, were used to attack 5,000 people in Q2 2022, which is eight times more than during Q1 2022. This zero-day vulnerability in Internet Explorer’s engine MSHTML was first reported in September 2021. The engine is a system component used by Microsoft Office applications to handle web content. When exploited, it enables the remote execution of malicious code on victims’ computers. 

VulnerabilityAttacked users in Q2 2022Dynamics of attacked users, %
Q2 2022 vs Q1 2022
CVE-2021-404444,886696%
CVE-2017-019960,13259%
CVE-2017-11882140,6235%
CVE-2018-0802345,8273%

The comparative number of users affected by Microsoft Office vulnerabilities in Q2 2022, and associated dynamics

Advertisement. Scroll to continue reading.

According to Kaspersky’s telemetry data, CVE-2021-40444 was previously exploited during attacks on organizations in the research and development, energy and industrial sectors, financial and medical technology, as well as telecommunications and IT. 

“Since the vulnerability is quite easy to use, we expect an increase in its exploitation. Criminals craft malicious documents and convince their victims to open them through social engineering techniques. The Microsoft Office application then downloads and executes a malicious script. To be on the safe side, it is vital to install the vendor’s patch, use security solutions capable of detecting vulnerability exploitation, and to keep employees aware of modern cyberthreats,” comments Alexander Kolesnikov, malware analyst at Kaspersky.

Older versions of Microsoft Office suite are an invitation for attackers 

CVE-2018-0802 and CVE-2017-11882 became leaders in terms of the total number of victims in Q2 2022, seeing a slight rise in Q1. They were used to attack more than 487,000 users via older versions of Microsoft Office suite programs, which remain quite popular and still a highly attractive target for criminals. Exploiting these vulnerabilities, attackers typically distributed malicious documents to damage the memory of the Equation Editor component and ran malicious code on the victim’s computer. 

The number of users affected by CVE-2017-0199 grew by 59% to more than 60,000. If exploited successfully, this vulnerability enables attackers to control a victim’s computer and view, change, or delete data without their knowledge. 

Advertisement. Scroll to continue reading.

Read more about malware attacks in Q2 2022 on Securelist.com.

In order to prevent attacks via Microsoft Office vulnerabilities, Kaspersky researchers recommend implementing the following measures:

  • Provide your SOC team with access to the latest threat intelligence (TI). The Kaspersky Threat Intelligence Portal is a single point of access for the company’s TI, providing cyberattack data and insights gathered by Kaspersky over the past 20 years. To help businesses enable effective defenses in these turbulent times, Kaspersky announced free access to independent, continuously updated, and globally sourced information on ongoing cyberattacks and threats. Request access online
  • Receive relevant and up-to-date information on threats to be aware of and the TTPs used by attackers
  • Companies are advised to use a security solution that provides vulnerability management components, such as the Automatic Exploit Prevention within Kaspersky Endpoint Security for business. This component monitors suspicious actions of applications and blocks the execution of malicious files
  • Use solutions such as Kaspersky Endpoint Detection and Response and Kaspersky Managed Detection and Response that help detect and prevent attacks at an early stage – before the attackers are able to achieve their goals

Advertisement
Advertisement
Advertisement

Like Us On Facebook

You May Also Like

HEADLINES

In rigorous evaluations conducted by prestigious cybersecurity testing organizations, Kaspersky Plus (starting in Q4 2024, Kaspersky Premium), Kaspersky Endpoint Security for Business (KESB), and...

HEADLINES

"Given the Philippines' high exposure to cyber threats, it's important for both individuals and businesses to stay vigilant," said Adrian Hia, Managing Director for...

White Papers

When compared to 2023, Sophos saw a 51% increase in abusing “Living off the Land” binaries or LOLbins; since 2021, it’s increased by 83%.

HEADLINES

Someone illegally acquires or uses personal information such as bank account or credit card numbers of another person to obtain money, goods or services....

HEADLINES

To stay ahead of these challenges, organizations need to invest in AI-driven defenses, transition to quantum-safe encryption, and adopt a Zero Trust approach to...

HEADLINES

There was a 121% Year-on-Year (YoY) increase in identity fraud in 2024 across the region, with significant surges recorded in Singapore (207%), Thailand (206%)...

HEADLINES

As part of RCBC’s 2024 Cybersecurity literacy program, the webinar aims to help Filipinos level up their online banking safety by providing them with...

White Papers

The survey found that CXO’s feel less prepared than their global peers. Less than half or 48% in APAC said they felt completely prepared...

Advertisement