Kaspersky’s to the latest quarterly malware report According to the report, the number of exploits for vulnerabilities in Microsoft Office suites increased in Q2 2022 compared to Q1. These account for 82 percent of the total exploitation rate across platforms. In the META region, attacks against MS Office vulnerabilities increased.

MS Office vulnerabilities CVE-2021-40444, CVE-2017-0199, CVE-2017-11882, and CVE-2018-0802 were extensively exploited by cybercriminals in Q2 and were exploited to attack a total of more than 551,000 users. In Turkey, the number of users attacked through these vulnerabilities in the Microsoft Office suite increased by 17 in the last quarter.

Kaspersky’s security solutions have been able to counteract these attempts. If the attackers were successful, they would be able to view, modify, and delete data on their victims’ computers by remotely executing the malicious code.

Kaspersky experts found that the vulnerability, called CVE-2021-40444, was used to attack about 5,000 people worldwide in the second quarter of 2022. That’s eight times more than in the first quarter of 2022. CVE-2021-40444, a vulnerability in the Internet Explorer engine MSHTML, is being distributed as part of the operating system because it’s exploited by Microsoft Office and other software.

Kaspersky Security Analyst Alexander Kolesnikovsay: “CVE-2021-40444 is very easy to use. Therefore, we expect an increase in global usage. Criminals create malicious documents and convince victims to open them using social engineering techniques. The Microsoft Office application downloads and then runs a malicious script. To ensure your security, it is essential to install the necessary patches, use security solutions that can detect this vulnerability and keep employees informed about today’s cyber threats.”

You can read more about malware attacks in Q2 2022 on Securelist.

To prevent attacks via Microsoft Office vulnerabilities, Kaspersky researchers recommend the following measures:

• Give your SOC team access to the latest Threat Intelligence (TI). Kaspersky Threat Intelligence Portal is the hot spot for the company’s TI that provides data and insights on cyber attacks that Kaspersky has collected over the past 20 years. To help companies defend themselves effectively in these turbulent times, Kaspersky provides free access to independent, constantly updated and globally obtained information about ongoing cyber-attacks and threats. You can request access here.
• Stay informed about threats and the TTPs used by attackers.
• We recommend that companies use a security solution that provides vulnerability management components, such as Automatic Exploit Prevention in Kaspersky Endpoint Security for Business. This component checks suspicious actions of applications and blocks execution of malicious files.
• Use solutions such as Kaspersky Endpoint Detection and Response and Kaspersky Managed Detection and Response that help detect and prevent attacks early, before attackers reach their target.

Source: (BYZHA) – Beyaz News Agency