70 percent of attacks in the fourth quarter of 2018 aimed Office. Microsoft Office target for cybercriminals
Microsoft Office Target for Cybercriminals:
Microsoft isn’t completely responsible. In fact, none of the top greatest exploited vulnerabilities are in Office itself but slightly, exist in linked components. Still, the Redmond tech giant does accept some of the blame due to decisions made when building Office.
Also Read: Review on Samsung Galaxy S10
Kaspersky at its modern Security Analyst Summit (SAS) shared a trend that amazed even its own researchers.
In the fourth section of 2016, cybercriminals mostly preferred web-based vulnerabilities that could be exploited via browser software. Just two years delayed in the fourth quarter of 2018. The security company found that Microsoft Office is now POINTED in a whopping 70 percent of hits.
Browsers accounted for 45-percent of attacks in 2016; now, that character is down to just 14 percent.
Kaspersky observed that the turnaround time for exploiting a vulnerability has reduced substantially. Totaling that malware authors now prefer simple, logical bugs. This is apparent by looking at the most exploited bugs in Office: equation editor vulnerabilities CVE-2018-0802 and CVE-2017-11882.
Simply put, they are trustworthy and work in every version of Word released in the previous 17 years. And, most significant, building an exploit for either one needs no advanced skills. That’s why the equation editor binary didn’t have any of the new protections and mitigations you’d assume from an application in 2018.
Also See: Google Snake Game
The trouble, Kaspersky said, is that Office’s attack surface is massive. What’s more, some of the conclusions Microsoft made when building Office. Now look flat out bad but changing them would “devastate backward compatibility.”
Threat intelligence company noted Future last month found that eight of the top 10 vulnerabilities in 2018 directed Microsoft products.