Kaspersky: Exploits for MS Office Flaws Most Popular in Q1 2021
Exploits for vulnerabilities in Microsoft’s Office suite were the most popular among cyber-attackers during the first quarter of this year, according to a new Kaspersky report.
Microsoft Office exploits accounted for more than half (59%) of the observed exploits, with CVE-2017-11882 (a stack buffer overflow in the Equation Editor component) remaining the most commonly targeted vulnerability.
Exploits for vulnerabilities such as CVE-2015-2523 (use-after-free in Excel) and CVE-2018-0802 (memory corruption leading to remote code execution) were also highly popular, which, given the age of these security flaws, once again underlines the need for timely patches.
The quarter also brought to light numerous zero-day vulnerabilities impacting Microsoft Exchange Server, Windows kernel, the Microsoft Defender antivirus engine, Internet Explorer, and Google Chrome (multiple zero-days were patched in the browser).
Other vulnerabilities that made it to the headlines during the first three months of 2021 include a critical flaw in VMware vCenter Server, SolarWinds Orion bugs, a zero-day vulnerability in Adobe Reader, and several security holes in the Windows networking stack code, patched in February.
macOS users were also targeted during the first quarter of the year, with the exposure of the first piece of malware to target newly released MacBooks with M1 processors. Other malware families also received updates to target new machines.
In Q1 2021, most of the attacks on Internet of Things (IoT) devices targeted the Telnet protocol (69.48 percent), with the remaining threats focused on brute-forcing SSH (30.52 percent), Kaspersky reveals in its report on Q1 2021 IT threats.
During the first three months of the year, Kaspersky’s products blocked over 2 billion attacks coming from online resources and recognized roughly 634 million unique URLs as malicious.
The company’s products stopped financial malware on the computers of 118,099 unique users – showing a continuous decline in the use of such threats – while ransomware attacks were registered on the machines of 91,841 unique users.
In addition to threatening victims with making stolen data public and with launching distributed denial of service attacks on them, ransomware operators added new tactics to increase extortion leverage, with the REvil (Sodinokibi) operators employing spam and calls to clients and partners of victim organizations.
As per Kaspersky’s report, users in Belarus were exposed the most to attacks involving malware, followed by those in Ukraine, Moldova, Kyrgyzstan, and Latvia.