Exploits for vulnerabilities in Microsoft’s Office suite were the most popular among cyber-attackers during the first quarter of this year, according to a new Kaspersky report.
Microsoft Office exploits accounted for more than half (59%) of the observed exploits, with CVE-2017-11882 (a stack buffer overflow in the Equation Editor component) remaining the most commonly targeted vulnerability.
Additionally, exploits for vulnerabilities such as CVE-2015-2523 (use-after-free in Excel) and CVE-2018-0802 (memory corruption leading to remote code execution) were also highly popular, which, given the age of this security flaws, once again underlines the need for timely patches.
The quarter also brought to light numerous zero-day vulnerabilities impacting Microsoft Exchange Server, Windows kernel, the Microsoft Defender antivirus engine, Internet Explorer, and Google Chrome (multiple zero-days were patched in the browser).
Other vulnerabilities that made it to the headlines during the first three months of 2021 include a critical flaw in VMware vCenter Server, SolarWinds Orion bugs, a zero-day vulnerability in Adobe Reader, and several security holes in the Windows networking stack code, patched in February.
MacOS users were also targeted during the first quarter of the year, with the exposure of the first piece of malware to target newly released MacBooks with M1 processors. Other malware families too received updates to target new machines.
In Q1 2021, most of the attacks on Internet of Things (IoT) devices targeted the Telnet protocol (69.48 percent), with the remaining threats focused on brute-forcing SSH (30.52 percent), Kaspersky reveals in its report on Q1 2021 IT threats.
During the first three months of the year, Kaspersky’s products blocked over 2 billion attacks coming from online resources and recognized as malicious roughly 634 million unique URLs.
The company’s products stopped financial malware on the computers of 118,099 unique users – showing a continuous decline in the use of such threats – while ransomware attacks were registered on the machines of 91,841 unique users.
In addition to threatening victims with making stolen data public and with launching distributed denial of service attacks on them, ransomware operators added new tactics to increase extortion leverage, with the REvil (Sodinokibi) operators employing spam and calls to clients and partners of victim organizations.
As per Kaspersky’s report, users in Belarus were exposed the most to attacks involving malware, followed by those in Ukraine, Moldova, Kyrgyzstan, and Latvia.
Related: Europol Report Highlights Pandemic’s Effect on Cybercrime

More from Ionut Arghire
- North Korean Hackers Blamed for $35 Million Atomic Wallet Crypto Theft
- Cisco Patches Critical Vulnerability in Enterprise Collaboration Solutions
- Android’s June 2023 Security Update Patches Exploited Arm GPU Vulnerability
- US, Israel Provide Guidance on Securing Remote Access Software
- Blumira Raises $15 Million for SMB-Tailored XDR Platform
- KeePass Update Patches Vulnerability Exposing Master Password
- Google Workspace Gets Passkey Authentication
- Cybersecurity Startup Elba Raises €2.5 Million for Employee-Focused Product
Latest News
- Vulnerabilities in Honda eCommerce Platform Exposed Customer, Dealer Data
- North Korean Hackers Blamed for $35 Million Atomic Wallet Crypto Theft
- Cisco Patches Critical Vulnerability in Enterprise Collaboration Solutions
- Barracuda Urges Customers to Replace Hacked Email Security Appliances
- Android’s June 2023 Security Update Patches Exploited Arm GPU Vulnerability
- BBC, British Airways, Novia Scotia Among First Big-Name Victims in Global Supply-Chain Hack
- Sysdig Introduces CNAPP With Realtime CDR
- Stay Focused on What’s Important
