Criminals Turn Attention to Microsoft Office Vulnerabilities

Research from Kapsersky Lab shows 70% of attacks now target the popular platform

Cybercriminals are moving away from exploiting Web-based vulnerabilities and are increasingly targeting weaknesses in Microsoft Office, according to new research from Kaspersky Lab. At its Security Analyst Summit in Singapore last week, Kaspersky researchers revealed a 54% jump in attacks targeting MS Office from 2016 to 2018. Seventy percent of all attacks now target the popular platform, they said.

The Lowdown:  Kaspersky’s SAS presentation, titled “Catching multilayered zero-day attacks on MS Office,” was meant to highlight the reality that threats come not only from sophisticated, complex APT attacks. In most cases, malware authors prefer simple, logical bugs and pick on Office due to its large attack surface and the relative simplicity of the exploits that target it.

The Details:  Beginning last year, Kaspersky malware teams noticed an increasing number of zero-day exploits for MS Office. Most start with a targeted campaign but go public in a matter of days as the bugs become much less complex and initial technical reports provide sufficient detail for criminals to quickly build working exploits.

In addition to the dramatic drop in attacks on Web browsers, which fell from 45% to 14% in the same two-year period, several other platforms fared better as compared to the barrage on MS Office. Attacks targeting Android dropped from 19% to 12%, while those targeting Adobe Flash fell from 13% to just 1%, the research found.

The Buzz:  “Microsoft Office is a hot target for attackers and will remain so,” the Kaspersky research team wrote. “Attackers aim for the easiest targets, and legacy features will be abused. To protect your company, we advise using solutions whose effectiveness is proved by their long list of detected CVEs.”