Headline
Microsoft Office Most Exploited Software in Malware Attacks – Report
By Deeba Ahmed Research reveals that around 80% of all malware attacks used MS Office flaws. Atlas VPN has shared its… This is a post from HackRead.com Read the original post: Microsoft Office Most Exploited Software in Malware Attacks – Report
****Research reveals that around 80% of all malware attacks used MS Office flaws.****
Atlas VPN has shared its findings for Q1 2022, in which the company revealed startling stats about Microsoft Office. Reportedly, Microsoft Office has become the most commonly exploited software in malware attacks.
It is a fact that most Microsoft Office security flaws are publicly known which makes it easy for cybercriminals to exploit them. On the other hand, because most users ignore essential software updates, scammers can easily inject malicious code after exploiting security loopholes.
According to researchers, some Microsoft Office vulnerabilities are being exploited more than others. These include the following:
- CVE-2018-0802
- CVE-2017-8570
- CVE-2017-11882
These flaws allow system infection, execute commands autonomically, and spread malware infection including the nasty Cobalt Strike one. Despite that security updates are available for these vulnerabilities, these still top the list of most exploited flaws. This indicates that users need to ramp up software security to stay protected.
Atlas VPN wrote that around 78.5% of all malware attacks are launched by targeting Microsoft Office vulnerabilities. Per the Q4 2021 data shared by Kaspersky’s malware research platform Securelist, Microsoft was targeted in 61% of the attacks last year.
Therefore, it can be assumed that hackers are increasingly abusing MS Office, and there’s been a rise in software exploitation since last year.
- Hackers are using Microsoft Teams chat to spread malware
- Threat actors using Google Docs exploit to spread phishing links
- Google, Microsoft and Oracle generated most vulnerabilities in 2021
- Google Drive accounted for 50% of malicious Office document downloads
In contrast, browser exploits have become rare as they are updated automatically. Android (4.1%), Java (3.48%), Adobe Flash (3.49%), and PDF (2.79%) exploits didn’t show any drastic changes in percentages in Q1 2022.
MS Office is a widely used software. Today, over 1.2 billion individuals and companies across 140 countries and 107 languages use Microsoft Office. For this reason alone, ensuring that the software is properly patched and updated is essential. It is also necessary to follow basic cybersecurity practices and always patch the software as soon as an update is available.
Related news
The long-active, India-sponsored cyber-threat group targeted multiple entities across Asia, Africa, the Middle East, and even Europe in a recent attack wave that demonstrated the use of a previously unknown post-exploit tool called StealerBot.
Users of Chinese instant messaging apps like DingTalk and WeChat are the target of an Apple macOS version of a backdoor named HZ RAT. The artifacts "almost exactly replicate the functionality of the Windows version of the backdoor and differ only in the payload, which is received in the form of shell scripts from the attackers' server," Kaspersky researcher Sergey Puzan said. HZ RAT was first
The nation-state threat actor known as SideWinder has been attributed to a new cyber espionage campaign targeting ports and maritime facilities in the Indian Ocean and Mediterranean Sea. The BlackBerry Research and Intelligence Team, which discovered the activity, said targets of the spear-phishing campaign include countries like Pakistan, Egypt, Sri Lanka, Bangladesh, Myanmar, Nepal, and the
By Deeba Ahmed Hackers are dusting off old tricks! A recent attack exploited vulnerabilities in systems running outdates Microsoft Office to deliver Cobalt Strike malware. Learn how to protect yourself! This is a post from HackRead.com Read the original post: 7-Year-Old 0-Day in Microsoft Office Exploited to Drop Cobalt Strike
The targeted operation utilized CVE-2017-8570 as the initial vector and employed a notable custom loader for Cobalt Strike, yet attribution to any known threat actor remains elusive.
Attackers are weaponizing an old Microsoft Office vulnerability as part of phishing campaigns to distribute a strain of malware called Agent Tesla. The infection chains leverage decoy Excel documents attached in invoice-themed messages to trick potential targets into opening them and activate the exploitation of CVE-2017-11882 (CVSS score: 7.8), a memory corruption vulnerability in Office's
A new variant of the Agent Tesla malware has been observed delivered via a lure file with the ZPAQ compression format to harvest data from several email clients and nearly 40 web browsers. "ZPAQ is a file compression format that offers a better compression ratio and journaling function compared to widely used formats like ZIP and RAR," G Data malware analyst Anna Lvova said in a Monday analysis.
Hello everyone! On the last day of September, I decided to record another retrospective episode on how my Vulnerability Management month went. Alternative video link (for Russia): https://vk.com/video-149273431_456239136 September was quite a busy month for me. Vulnerability Management courses I participated in two educational activities. The first one is an on-line cyber security course for […]
By Waqas KEY FINDINGS Organizations should take steps to protect themselves from this campaign by keeping software up to date,… This is a post from HackRead.com Read the original post: Rust Implant Used in New Malware Campaign Against Azerbaijan
By Deeba Ahmed FortiGuard Discovers Phishing Campaign Distributing New Agent Tesla Variant to Windows Devices. This is a post from HackRead.com Read the original post: New Agent Tesla Variant Uses Excel Exploit to Infect Windows PCs
The Iranian threat actor tracked as APT34 has been linked to a new phishing attack that leads to the deployment of a variant of a backdoor called SideTwist. “APT34 has a high level of attack technology, can design different intrusion methods for different types of targets, and has supply chain attack capability,” NSFOCUS Security Labs said in a report published last week. APT34, also known by
Hello everyone! This month I decided NOT to make an episode completely dedicated to Microsoft Patch Tuesday. Instead, this episode will be an answer to the question of how my Vulnerability Management month went. A retrospection of some kind. Alternative video link (for Russia): https://vk.com/video-149273431_456239134 GitHub exploits and Vulristics This month I made some improvements […]
By Deeba Ahmed An APT group known as Tonto Team has tried targeting the Singapore-based Group-IB cybersecurity firm for the second time. This is a post from HackRead.com Read the original post: Chinese Hackers Keep Targeting Group-IB Cybersecurity Firm
CISA’s Known Exploited Vulnerabilities Catalog has become a valuable repository of vulnerabilities to be patched. A pair of reports analyze the vulnerabilities under attack to understand the kind of threats organizations should be prioritizing.
Fake travel reservations are exacting more pain from the travel weary, already dealing with the misery of canceled flights and overbooked hotels.
A financially motivated cybercrime group has been linked to an ongoing wave of attacks aimed at hospitality, hotel, and travel organizations in Latin America with the goal of installing malware on compromised systems. Enterprise security firm Proofpoint, which is tracking the group under the name TA558 dating all the way back to April 2018, called it a "small crime threat actor." "Since 2018,
The most heavily targeted flaw last quarter was a remote code execution vulnerability in Microsoft Office that was disclosed and patched four years ago.
Over a dozen military-industrial complex enterprises and public institutions in Afghanistan and Europe have come under a wave of targeted attacks since January 2022 to steal confidential data by simultaneously making use of six different backdoors. Russian cybersecurity firm Kaspersky attributed the attacks "with a high degree of confidence" to a China-linked threat actor tracked by Proofpoint
The dangerous malware appears to be well and truly back in action, sporting new variants and security-dodging behaviors in a wave of recent phishing campaigns.
The malware is using spreadsheets, documents, and other types of Microsoft Office attachments in a new and improved version that is often able to bypass email gateway-security scanners.
An "aggressive" advanced persistent threat (APT) group known as SideWinder has been linked to over 1,000 new attacks since April 2020. "Some of the main characteristics of this threat actor that make it stand out among the others, are the sheer number, high frequency and persistence of their attacks and the large collection of encrypted and obfuscated malicious components used in their
Notable new infection chain uses PDF to embed malicious files, load remote exploits, shellcode encryption, and more, new research shows.
Microsoft Word also leveraged in the email campaign, which uses a 22-year-old Office RCE bug.
An espionage-focused threat actor known for targeting China, Pakistan, and Saudi Arabia has expanded to set its sights on Bangladeshi government organizations as part of an ongoing campaign that commenced in August 2021. Cybersecurity firm Cisco Talos attributed the activity with moderate confidence to a hacking group dubbed the Bitter APT based on overlaps in the command-and-control (C2)
An espionage-focused threat actor known for targeting China, Pakistan, and Saudi Arabia has expanded to set its sights on Bangladeshi government organizations as part of an ongoing campaign that commenced in August 2021. Cybersecurity firm Cisco Talos attributed the activity with moderate confidence to a hacking group dubbed the Bitter APT based on overlaps in the command-and-control (C2)
Cisco Talos has observed an ongoing malicious campaign since August 2021 from the Bitter APT group that appears to target users in Bangladesh, a change from the attackers' usual victims.As part of this, there's a new trojan based on Apost Talos is calling "ZxxZ," that, among other... [[ This is only the beginning! Please visit the blog for the complete entry ]]
Cisco Talos has observed an ongoing malicious campaign since August 2021 from the Bitter APT group that appears to target users in Bangladesh, a change from the attackers' usual victims.As part of this, there's a new trojan based on Apost Talos is calling "ZxxZ," that, among other... [[ This is only the beginning! Please visit the blog for the complete entry ]]