Microsoft Office flaws exploited in nearly 80% of malware attacks

Edward G. | July 20, 2022

One quarter after another, Microsoft Office remains the most widely exploited software for malware delivery. The primary reason is that a significant portion of Office users delay essential security updates, which keeps the doors open for fraudsters to inject malicious code through various loopholes, even if they are already known publicly.

Data presented by Atlas VPN shows that in Q1 2022, as many as 78.5% of malware attacks targeted Microsoft Office vulnerabilities.

While Securelist, the online warehouse for malware research from Kaspersky, does not share malware statistics for Q4 2021, it provides data for Q3 2021, revealing that Microsoft Office was targeted in 60.68% of attacks back then. Based on the findings, it is safe to say that hackers abuse Microsoft Office more and more.

As shown in the graph, the main difference between Q1 2022 and Q3 2021 lies in the percentage changes for Office and browser exploits.

Researchers believe browser exploits are becoming increasingly rare because browsers get updated automatically, which is not the case for Microsoft Office.

Hackers primarily target users who do not follow the basic cybersecurity practice of patching their software as soon as an update is available.

Since Office is used by over one billion people across the world and its security updates can be delayed, it’s no surprise to see it at the top of the list.

Most abused flaws remain the same

Another important finding is that the majority of vulnerabilities are known publicly, and the most abused ones remain the same.

The primary vulnerabilities are CVE-2018-0802 and CVE-2017-8570, with another well-known vulnerability being CVE-2017-11882. All of these flaws allow attackers to infect the system and subsequently execute commands on behalf of the user.

These vulnerabilities were at the top of the list in Q3 2021 and Q1 2022, even though security updates that patch these issues have been available for quite some time.

On the other hand, flaws in browsers are cleared up automatically, which explains the percentage decrease.

Interestingly, Android, Adobe Flash, Java, and PDF exploits remain in exactly the same order with barely any changes in percentages.

For Q3 2021, the third spot goes to Android (5.36%), then Adobe Flash (3.41%), with Java (2.98%) slightly behind and PDF (2.79%) rounding out the list.

During Q1 2022, the order remains unchanged; third on the list are exploits for Android (4.1%), followed by Adobe Flash (3.49%), Java (3.48%), and PDF (2.79%).

The closing statement is relatively simple yet important - a few clicks of a button, together with several minutes of updates, can help to avoid nearly 80% of attacks in the current cyber threat landscape.

Readers interested in a wider view of the current state of affairs in cybersecurity can head over to our 60 Worrying Cybercrime Statistics & Facts for H1 2022 page for more details.


Edward G.

Cybersecurity Researcher and Publisher at Atlas VPN. My mission is to scan the ever-evolving cybercrime landscape to inform the public about the latest threats.