Connect with us

Hi, what are you looking for?


Application Security

Kaspersky: Exploits for MS Office Flaws Most Popular in Q1 2021

Exploits for vulnerabilities in Microsoft’s Office suite were the most popular among cyber-attackers during the first quarter of this year, according to a new Kaspersky report.

Exploits for vulnerabilities in Microsoft’s Office suite were the most popular among cyber-attackers during the first quarter of this year, according to a new Kaspersky report.

Microsoft Office exploits accounted for more than half (59%) of the observed exploits, with CVE-2017-11882 (a stack buffer overflow in the Equation Editor component) remaining the most commonly targeted vulnerability.

Additionally, exploits for vulnerabilities such as CVE-2015-2523 (use-after-free in Excel) and CVE-2018-0802 (memory corruption leading to remote code execution) were also highly popular, which, given the age of this security flaws, once again underlines the need for timely patches.

The quarter also brought to light numerous zero-day vulnerabilities impacting Microsoft Exchange Server, Windows kernel, the Microsoft Defender antivirus engine, Internet Explorer, and Google Chrome (multiple zero-days were patched in the browser).

Other vulnerabilities that made it to the headlines during the first three months of 2021 include a critical flaw in VMware vCenter Server, SolarWinds Orion bugs, a zero-day vulnerability in Adobe Reader, and several security holes in the Windows networking stack code, patched in February.

MacOS users were also targeted during the first quarter of the year, with the exposure of the first piece of malware to target newly released MacBooks with M1 processors. Other malware families too received updates to target new machines.

In Q1 2021, most of the attacks on Internet of Things (IoT) devices targeted the Telnet protocol (69.48 percent), with the remaining threats focused on brute-forcing SSH (30.52 percent), Kaspersky reveals in its report on Q1 2021 IT threats.

Advertisement. Scroll to continue reading.

During the first three months of the year, Kaspersky’s products blocked over 2 billion attacks coming from online resources and recognized as malicious roughly 634 million unique URLs.

The company’s products stopped financial malware on the computers of 118,099 unique users – showing a continuous decline in the use of such threats – while ransomware attacks were registered on the machines of 91,841 unique users.

In addition to threatening victims with making stolen data public and with launching distributed denial of service attacks on them, ransomware operators added new tactics to increase extortion leverage, with the REvil (Sodinokibi) operators employing spam and calls to clients and partners of victim organizations.

As per Kaspersky’s report, users in Belarus were exposed the most to attacks involving malware, followed by those in Ukraine, Moldova, Kyrgyzstan, and Latvia.

Related: Europol Report Highlights Pandemic’s Effect on Cybercrime

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.


Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.


Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.


Less than a week after announcing that it would suspended service indefinitely due to a conflict with an (at the time) unnamed security researcher...


WASHINGTON - Cyberattacks are the most serious threat facing the United States, even more so than terrorism, according to American defense experts. Almost half...

Data Breaches

OpenAI has confirmed a ChatGPT data breach on the same day a security firm reported seeing the use of a component affected by an...

Data Protection

The cryptopocalypse is the point at which quantum computing becomes powerful enough to use Shor’s algorithm to crack PKI encryption.


The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.

Artificial Intelligence

The CRYSTALS-Kyber public-key encryption and key encapsulation mechanism recommended by NIST for post-quantum cryptography has been broken using AI combined with side channel attacks.

Identity & Access

Zero trust is not a replacement for identity and access management (IAM), but is the extension of IAM principles from people to everyone and...