Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Application Security

Kaspersky: Exploits for MS Office Flaws Most Popular in Q1 2021

Exploits for vulnerabilities in Microsoft’s Office suite were the most popular among cyber-attackers during the first quarter of this year, according to a new Kaspersky report.

Exploits for vulnerabilities in Microsoft’s Office suite were the most popular among cyber-attackers during the first quarter of this year, according to a new Kaspersky report.

Microsoft Office exploits accounted for more than half (59%) of the observed exploits, with CVE-2017-11882 (a stack buffer overflow in the Equation Editor component) remaining the most commonly targeted vulnerability.

Additionally, exploits for vulnerabilities such as CVE-2015-2523 (use-after-free in Excel) and CVE-2018-0802 (memory corruption leading to remote code execution) were also highly popular, which, given the age of this security flaws, once again underlines the need for timely patches.

The quarter also brought to light numerous zero-day vulnerabilities impacting Microsoft Exchange Server, Windows kernel, the Microsoft Defender antivirus engine, Internet Explorer, and Google Chrome (multiple zero-days were patched in the browser).

Other vulnerabilities that made it to the headlines during the first three months of 2021 include a critical flaw in VMware vCenter Server, SolarWinds Orion bugs, a zero-day vulnerability in Adobe Reader, and several security holes in the Windows networking stack code, patched in February.

MacOS users were also targeted during the first quarter of the year, with the exposure of the first piece of malware to target newly released MacBooks with M1 processors. Other malware families too received updates to target new machines.

In Q1 2021, most of the attacks on Internet of Things (IoT) devices targeted the Telnet protocol (69.48 percent), with the remaining threats focused on brute-forcing SSH (30.52 percent), Kaspersky reveals in its report on Q1 2021 IT threats.

During the first three months of the year, Kaspersky’s products blocked over 2 billion attacks coming from online resources and recognized as malicious roughly 634 million unique URLs.

Advertisement. Scroll to continue reading.

The company’s products stopped financial malware on the computers of 118,099 unique users – showing a continuous decline in the use of such threats – while ransomware attacks were registered on the machines of 91,841 unique users.

In addition to threatening victims with making stolen data public and with launching distributed denial of service attacks on them, ransomware operators added new tactics to increase extortion leverage, with the REvil (Sodinokibi) operators employing spam and calls to clients and partners of victim organizations.

As per Kaspersky’s report, users in Belarus were exposed the most to attacks involving malware, followed by those in Ukraine, Moldova, Kyrgyzstan, and Latvia.

Related: Europol Report Highlights Pandemic’s Effect on Cybercrime

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this event as we dive into threat hunting tools and frameworks, and explore value of threat intelligence data in the defender’s security stack.

Register

Learn how integrating BAS and Automated Penetration Testing empowers security teams to quickly identify and validate threats, enabling prompt response and remediation.

Register

People on the Move

Shane Barney has been appointed CISO of password management and PAM solutions provider Keeper Security.

Edge Delta has appointed Joan Pepin as its Chief Information Security Officer.

Vats Srivatsan has been appointed interim CEO of WatchGuard after Prakash Panjwani stepped down.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.