Microsoft Office: The New Hot Target for Hackers

New research finds cybercriminals have changed their focus from web vulnerabilities to Microsoft Office, and it is extremely easy to exploit holes in the popular software. Recent research from Kaspersky Lab reveals 70 percent of the attacks its antivirus products detected in Q4 2018 attempted exploit vulnerabilities in Microsoft Office.

In a presentation at Kaspersky’s Security Analyst Summit, Kaspersky researchers Boris Larin, Vlad Stolyarov, and Alexander Liskin noted the number of attacks on Office have increased more than fourfold, as it was once the target of just 16 percent of attacks in 2016.

Today, web vulnerabilities represent only 14 percent of attacks. The team said exploiting browser holes is more costly for criminals and browsers makers have upped their security game, making browsers a more difficult target. Office has become the new darling on the criminal network.

The presentation also revealed none of the top most exploited vulnerabilities are in Office itself. Rather, the vulnerabilities exist in related components, they report. This includes CVE-2017-11882 and CVE-2018-0802, which are in the software’s legacy Equation Editor component and among the most heavily exploited.

Exploits Now Simpler, Quicker to Appear

Researchers also explained that the market for bugs has changed and is simplified. The turnaround time on exploits has shortened considerably. Once a proof of concept is made public, an exploit is available in as a little as a few hours in today’s criminal system.

“Once a technical report for a vulnerability goes public, an exploit for it appears on the dark market in a matter of days,” Kaspersky said in a release on the findings. “Bugs themselves have become much less complex, and sometimes a detailed write-up is all a cybercriminal needs to build a working exploit.”

Researchers also say their work finds malware authors prefer simple, logical bugs because they are reliable and work in every version of Word released in the past 17 years. For example, the equation editor binary did not have the same level of protection than an app built today would have, so it was easy to exploit, requiring no advanced skills on the part of the hacker.

Office Will Remain Hot With Hackers

With a massive attack surface for criminals to explore and new exploits popping up almost daily, Kaspersky researchers noted they expect to see continued Office exploits. Legacy features are particularly desirable targets and the pervasiveness of the software in office environments globally means it will continue to be a popular target among criminals.

“From a security point of view, many decisions Microsoft made when it created Office simply look bad now, but changing them would devastate backward compatibility,” Kaspersky said.

The best protection will continue to be keeping software patched and updated and educating users about clicking on potentially bad links. Get other tips for enhancing Office security here.

Joan Goodchild

Avatar photo

Joan Goodchild

Joan is a veteran journalist, editor and writer who has been covering security for more than a decade. She has written for several publications and previously served as editor-in-chief for CSO Online.

joan-goodchild has 37 posts and counting.See all posts by joan-goodchild

Cloud Workload Resilience PulseMeter

Step 1 of 8

How do you define cloud resiliency for cloud workloads? (Select 3)(Required)