Microsoft Office users experience eight times more cyber attacks in Q2, says report

August 26, 2022 - 11:23 AM
1297
FILE PHOTO: A sign marks the Microsoft office in Cambridge, Massachusetts, U.S. January 25, 2017. REUTERS/Brian Snyder

Microsoft Office users received 82% more attacks in the second quarter of 2022, according to recent data from a cybersecurity firm.

In its latest quarterly report, Kaspersky stated that old versions of applications of the Microsoft Office suite were the main targets for attackers.

It noted that almost 547,000 users were affected by these attacks.

“Old versions of applications remain the main targets for attackers, with almost 547,000 users in total being affected through corresponding vulnerabilities in the last quarter. Moreover, the number of users affected by the Microsoft MSHTML Remote Code Execution vulnerability, which was previously spotted in targeted attacks, skyrocketed eight times,” the report said.

In information technology, vulnerability is a “weakness in an information system, system security procedures, internal controls, or implementation that could be exploited or triggered by a threat source.”

Popular brands and applications were cited as among the affected software. These include Adobe Flash, Android and Java.

Here is a table of the types of vulnerabilities and the number of attacked users in the second quarter of 2022:

VulnerabilityAttacked users in Q2 2022Dynamics of attacked users, %
Q2 2022 vs Q1 2022
CVE-2021-404444,886696%
CVE-2017-019960,13259%
CVE-2017-11882140,6235%
CVE-2018-0802345,8273%

 

Of the types of vulnerabilities, Kaspersky highlighted that the CVE-2021-40444 was exploited during the time when different key organizations were also attacked, citing the firm’s telemetry data.

These organizations are in the following fields:

  • Research and development
  • Energy and industrial sectors
  • Financial and medical technology
  • Telecommunications
  • IT

The cybersecurity firm noted that this vulnerability was first reported in September 2021.

“The engine is a system component used by Microsoft Office applications to handle web content. When exploited, it enables the remote execution of malicious code on victims’ computers,” it said in the report.

Alexander Kolesnikov, malware analyst at Kaspersky, said that they have already expected an increase in exploitation of this vulnerability given that it is “quite easy to use.”

“Since the vulnerability is quite easy to use, we expect an increase in its exploitation. Criminals craft malicious documents and convince their victims to open them through social engineering techniques,” Kolesnikov said.

“The Microsoft Office application then downloads and executes a malicious script. To be on the safe side, it is vital to install the vendor’s patch, use security solutions capable of detecting vulnerability exploitation, and to keep employees aware of modern cyberthreats,” he added.

Recommendations

Kaspersky’s researchers listed the following measures on how companies and organizations could prevent such attacks:

  • Provide your SOC team with access to the latest threat intelligence (TI). The Kaspersky Threat Intelligence Portal is a single point of access for the company’s TI, providing cyberattack data and insights gathered by Kaspersky over the past 20 years. To help businesses enable effective defenses in these turbulent times, The cybersecurity firm announced free access to independent, continuously updated, and globally sourced information on ongoing cyberattacks and threats. Request access online.
  • Receive relevant and up-to-date information on threats to be aware of and the TTPs used by attackers.
  • Companies are advised to use a security solution that provides vulnerability management components, such as the Automatic Exploit Prevention within Kaspersky Endpoint Security for business. This component monitors suspicious actions of applications and blocks the execution of malicious files.
  • Use solutions such as Kaspersky Endpoint Detection and Response and Kaspersky Managed Detection and Response that help detect and prevent attacks at an early stage – before the attackers are able to achieve their goals.