The META (Middle East, Turkey and Africa) region has seen an increase in the number of attacks via Microsoft Office vulnerabilities in Q2 2022. However, in SA this number decreased by 3% compared to Q1.
The number of exploits for vulnerabilities in the Microsoft Office suite increased globally compared to Q1, accounting for 82% of the total number of exploits across different platforms and software, such as Adobe Flash, Android, Java etc.
This was revealed by the latest Kaspersky quarterly malware report. According to the security giant, old versions of applications remain the main targets for attackers.
An increase in exploitation
MS Office vulnerabilities CVE-2021-40444, CVE-2017-0199, CVE-2017-11882, and CVE-2018-0802 were used by bad actors most often during this period. They were exploited to attack more than 551 000 users in total.
In Kenya, the number of users attacked through these vulnerabilities in the Microsoft Office suite over the last quarter increased by 20%, and Nigeria saw a 9% increase in the number of attacked users.
Kaspersky experts found that exploits for the vulnerability, designated CVE-2021-40444, were used to attack almost 5 000 people globally in Q2 2022, which is eight times more than during Q1 2022. The CVE-2021-40444 is a vulnerability in MSHTML, Internet Explorer’s engine. This Web browser is a part of operating systems, as some software relies on its engine for working with online content – for instance, it is used by the components of Microsoft Office.
Alexander Kolesnikov, a malware analyst at Kaspersky, says because CVE-2021-40444 is fairly simple to use, Kaspersky expects an increase in its exploitation worldwide. Threat actors tailor malicious documents and trick their victims into opening them using social engineering techniques. The Microsoft Office application then downloads and executes a malicious script.
“To be on the safe side, it is vital to install the vendor’s patch, use security solutions capable of detecting vulnerability exploitation, and keep employees aware of modern cyber threats,” he adds.
Kaspersky is offering limited free access to its Threat Intelligence Portal, which contains continuously updated and globally sourced information on ongoing cyber attacks and threats.
Share