Kaspersky: Exploits for MS Office Flaws Most Popular in Q1 2021

Exploits for vulnerabilities in Microsoft’s Office suite were the most popular among cyber-attackers during the first quarter of this year, according to a new Kaspersky report.

Microsoft Office exploits accounted for more than half (59%) of the observed exploits, with CVE-2017-11882 (a stack buffer overflow in the Equation Editor component) remaining the most commonly targeted vulnerability.

Additionally, exploits for vulnerabilities such as CVE-2015-2523 (use-after-free in Excel) and CVE-2018-0802 (memory corruption leading to remote code execution) were also highly popular, which, given the age of these security flaws, once again underlines the need for timely patches.

The quarter also brought to light numerous zero-day vulnerabilities impacting Microsoft Exchange Server, Windows kernel, the Microsoft Defender antivirus engine, Internet Explorer, and Google Chrome (multiple zero-days were patched in the browser).

Other vulnerabilities that made it to the headlines during the first three months of 2021 include a critical flaw in VMware vCenter Server, SolarWinds Orion bugs, a zero-day vulnerability in Adobe Reader, and several security holes in the Windows networking stack code, patched in February.

macOS users were also targeted during the first quarter of the year, with the exposure of the first piece of malware to target newly released MacBooks with M1 processors. Other malware families also received updates to target the new machines.

In Q1 2021, most of the attacks on Internet of Things (IoT) devices targeted the Telnet protocol (69.48 percent), with the remaining threats focused on brute-forcing SSH (30.52 percent), Kaspersky reveals in its report on Q1 2021 IT threats.

During the first three months of the year, Kaspersky’s products blocked over 2 billion attacks coming from online resources and recognized roughly 634 million unique URLs as malicious.

The company’s products stopped financial malware on the computers of 118,099 unique users – showing a continuous decline in the use of such threats – while ransomware attacks were registered on the machines of 91,841 unique users.

In addition to threatening victims with making stolen data public and with launching distributed denial of service attacks on them, ransomware operators added new tactics to increase extortion leverage, with the REvil (Sodinokibi) operators employing spam and calls to clients and partners of victim organizations.

As per Kaspersky’s report, users in Belarus were exposed the most to attacks involving malware, followed by those in Ukraine, Moldova, Kyrgyzstan, and Latvia.

Written By

Ionut Arghire is an international correspondent for SecurityWeek.
