
Kaspersky reports 70 percent of attacks target MS Office vulnerabilities



According to this ZDNet article Kaspersky Labs is stating that 70% of exploit attacks are targeting Microsoft Office vulnerabilities.  This is rather surprising considering the shift over the past several years to exploits targeting the more popular Chrome browser rather than Internet Explorer/Edge.  The image below from the article illustrates their findings:

threat-landscape-2016-2018.png

According to the article, the reason for this change revolves around the fact that these types of vulnerabilities are much easier to write exploit code for as they are far simpler than many other types of attacks and exploits and that they tend to be reliable as Office maintains backwards compatibility for older MS Office versions and document types/formats (this also means that having the latest version of MS Office doesn't necessarily make you any more secure).  Kaspersky also warns that one of the primary reasons these attacks keep occurring is due to the release of extensive details and POCs from security researchers and code testers who discover and document these vulnerabilities, publishing their findings for the whole world (including the bad guys) to see.  Here's a small snippet from the article expressing this point:

Quote

Kaspersky said that one of the reasons why Office bugs often become the target of malware distribution campaigns is due to an entire crime ecosystem existing around it.

Once details about an Office vulnerability become public, an exploit for it appears on the dark market in a matter of days.

"Bugs themselves have become much less complex, and sometimes a detailed write-up is all a cybercriminal needs to build a working exploit," Kaspersky said.

This is the very same issue that ZDNet recently discussed with Leigh-Anne Galloway, cybersecurity resilience lead at Positive Technologies. Time and time again, the publication of proof-of-concept code for zero-days and recently patched security bugs often helped hackers more than it did securing end-users.

Edited by exile360

One additional note for users of Malwarebytes Premium; Malwarebytes has always provided extensive exploit protection for office applications, particularly components of Microsoft Office as they are known to be frequently attacked.  The image below reveals this, showing several MS Office components/applications in the default list of shielded/protected applications which are monitored by the Exploit Protection component in Malwarebytes:

shielded.png.711b58d79f480aeff65291fd4c915356.png

Additionally, Malwarebytes also provides several advanced exploit protection features specifically for various OS components, MS Office applications, media players, browsers and other programs ranging from Application Hardening, Advanced Memory Protection, and of course Application Behavior Protection beyond the standard shields/protection provided by the core Exploit Protection component in order to provide additional layers of defense against malicious exploits.


Unfortunately much of what keeps Office vulnerable is its backwards compatibility and extensive plugin and embedded scripting support.  These capabilities make it very flexible and useful, but also a prime target for active exploit/scripting based attacks/threats.  UWP might help to some degree but I'm certain it would not eliminate all of these kinds of vulnerabilities completely.
