Breaking News

Sony Announces groundbreaking Alpha 1 Camera with 50mp and 8K Recording ASRock Launches 1L Jupiter X300 Mini PC Intel Teams up with ASUS and Colorful for first dedicated Iris Xe (DG1) Graphics cards TEAMGROUP Takes its Memory to the Next Level: Develops Next-Gen DDR5 SO-DIMM Samsung Expands Vital Blood Pressure and Electrocardiogram Tracking to Galaxy Watch3 and Galaxy Watch Active2 in 31 More Countries

logo

  • Share Us
    • Facebook
    • Twitter
  • Home
  • Home
  • News
  • Reviews
  • Forum
  • Legacy
  • About
    • Submit News

    • Contact Us
    • Privacy

    • Promotion
    • Advertise

    • RSS Feed
    • Site Map

Search form

Hackers Target Microsoft Office's Vulnerabilities

Hackers Target Microsoft Office's Vulnerabilities

Enterprise & IT Apr 15,2019 0

Cybercriminals have moved away from using Web-based vulnerabilities in favor of MS Office ones, according to Kaspersky.

Kaspersky researchers Boris Larin, Vlad Stolyarov, and Alexander Liskin have identified changes to the threat landscape in the last two years. They compared a distribution of attacked users by targeted platforms from the end of last year with one from just two years ago. They found that cybercriminals moved away from using Web-based vulnerabilities in favor of MS Office ones — but the extent of the change surprised even them: In the past few months, MS Office, with a more than 70% share of attacks, became the most targeted platform.

Starting last year, a bunch of zero-day exploits for MS Office began to pop up. These usually begin with targeted campaign but eventually go public and end up integrated into a malicious document builder. The turnaround time has shortened substantially, however. "For example, in the case of CVE-2017-11882, the first equation editor vulnerability our expert saw, a huge spam campaign started the same day the proof of concept was published. That’s true of other vulnerabilities as well — once a technical report for a vulnerability goes public, an exploit for it appears on the dark market in a matter of days. Bugs themselves have become much less complex, and sometimes a detailed write-up is all a cybercriminal needs to build a working exploit, " Kaspersky says.

A look at the most exploited vulnerabilities of 2018 shows that malware authors prefer simple, logical bugs, since they are reliable and work in every version of Word released in the past 17 years. And, most important, building an exploit for either one requires no advanced skills, because the equation editor binary didn’t have any of the modern protections and mitigations you’d expect from an application in 2018.

An interesting side note, none of the top most exploited vulnerabilities are in MS Office itself. Rather, the vulnerabilities exist in related components.

In 2018 alone, Kaspersky found multiple zero-day vulnerabilities exploited in the wild. Among them is CVE-2018-8174 (the Windows VBScript Engine Remote Code Execution Vulnerability). This vulnerability is especially interesting, because the exploit was found in a Word document, but the vulnerability is actually in Internet Explorer.

Tags: HackingmalwareCybersecurityKasperskymicrosoft office
Previous Post
Qualcomm Faces Apple In Critical San Diego Legal Battle
Next Post
Volkswagen 's ID. ROOMZZ Electric SUV Concept Launches in Shanghai

Related Posts

  • European Supercomputers Researching Covid-19 Report Hacking Attacks

  • Intel and Microsoft Convert Malware to Images to Spot Threads Faster

  • Intel Confirms "Thunderspy" Risk in Thuerbolt Devices

  • Microsoft Offers You $100,000 If You Can Hack the Linux-based Azure Sphere

  • Zoom Users' Data have Been on Sale on Dark Web: report

  • Indonesia's Tokopedia Inverstigates Alleged Data Leak of 91 Million Users

  • Nintendo Says 160,000 Accounts Have Been Hacked

  • Apple Says 'No Evidence' iPhone Mail Bug Used Against Consumers

Latest News

Sony Announces groundbreaking Alpha 1 Camera with 50mp and 8K Recording
Cameras

Sony Announces groundbreaking Alpha 1 Camera with 50mp and 8K Recording

ASRock Launches 1L Jupiter X300 Mini PC
PC components

ASRock Launches 1L Jupiter X300 Mini PC

Intel Teams up with ASUS and Colorful for first dedicated Iris Xe (DG1) Graphics cards
GPUs

Intel Teams up with ASUS and Colorful for first dedicated Iris Xe (DG1) Graphics cards

TEAMGROUP Takes its Memory to the Next Level: Develops Next-Gen DDR5 SO-DIMM
PC components

TEAMGROUP Takes its Memory to the Next Level: Develops Next-Gen DDR5 SO-DIMM

Samsung Expands Vital Blood Pressure and Electrocardiogram Tracking to Galaxy Watch3 and Galaxy Watch Active2 in 31 More Countries
Consumer Electronics

Samsung Expands Vital Blood Pressure and Electrocardiogram Tracking to Galaxy Watch3 and Galaxy Watch Active2 in 31 More Countries

Popular Reviews

CeBIT 2005

CeBIT 2005

Zidoo Z9S 4K Media Player review

Zidoo Z9S 4K Media Player review

CeBIT 2006

CeBIT 2006

LiteOn iHBS112 review

LiteOn iHBS112 review

Club3D HD3850

Club3D HD3850

Crucial P1 NVMe 1TB SSD review

Crucial P1 NVMe 1TB SSD review

Toshiba Exceria M303 64GB and M501 Exceria Pro 64GB MicroSDXC review

Toshiba Exceria M303 64GB and M501 Exceria Pro 64GB MicroSDXC review

Hitachi DZ-MV100A DVD Camcorder

Hitachi DZ-MV100A DVD Camcorder

  • Home
  • News
  • Reviews
  • Forum
  • Legacy
  • About
    • Submit News

    • Contact Us
    • Privacy

    • Promotion
    • Advertise

    • RSS Feed
    • Site Map
  • About
  • Privacy
  • Contact Us
  • Promotional Opportunities @ CdrInfo.com
  • Advertise on out site
  • Submit your News to our site
  • RSS Feed