Your IT Consultant

Attacks on Microsoft Office Rising

April 23, 2019

Browser security is getting better and better. As a result, the bad guys have shifted their focus to Microsoft Office. At Kaspersky’s annual conference, researchers showed the changes in the threat landscape over the last two years. CSO reported that more than 70% of all the attacks Kaspersky Lab catches are targeting Microsoft Office, and only 14% take advantage of browser vulnerabilities. Two years ago was a different story. Web-based vulnerabilities accounted for 45% of the attacks, while Microsoft Office had a 16% share.

Hacking browsers has become more expensive, thereby shifting focus to Microsoft Office. The Kaspersky researchers point out that the attacks are not directly on Microsoft Office but two related components. Two of the vulnerabilities exploit bugs found in Equation Editor. Cybercriminals prefer to use them because they can be found in every version of Microsoft Word released in the past 17 years. That’s a pretty wide attack surface. The recommendation is to install security solutions and updates as well as not opening links or files from untrusted sources.

Email:   Phone: 703.359.0700
Digital Forensics/Cybersecurity/Information Technology
https://www.linkedin.com/in/johnsimek
https://amazon.com/author/johnsimek
https://senseient.com