A report by Kaspersky, a global cybersecurity and data privacy company, shows that 547,000 users of Microsoft Office were targeted by cybercriminals in Q2 2022.
The attack, according to the company, targeted the old version of Microsoft Office. The figure shows an eightfold (8×) increase in the number of attacks on Microsoft Internet Explorer compared with Q1.
How long has this been on?
The possibility of exploiting the software’s zero-day vulnerability was discovered by Kaspersky, which filed a report to safeguard Office in September 2021.
Moreover, in 2017 there was a zero-day attack on Microsoft Word. Hackers used malware called the ‘Dridex banker trojan’ to exploit a vulnerable version of the application. Microsoft then released a patch that succeeded in blocking malicious attachments and offered filtering solutions for its user and customer environment.
However, these are not the only vulnerabilities that Microsoft has been exposed to. In fact, Microsoft has a monthly Patch Tuesday on which it releases reports on fixed bugs. The August 2022 patch count includes 141 patches.
Possible risks:
Kaspersky stated that a vulnerability in Internet Explorer was “previously exploited during attacks on organisations in the research and development, energy and industrial sectors, financial and medical technology, as well as telecommunications and IT.”
This vulnerability could allow attackers to infect computers with malware, including spyware, ransomware, adware and computer viruses, which compromises the security of machines, violates the privacy of users and leads to data breaches.
The timeframe of the zero-day further increases the chances attackers have to exploit target systems.
Placing cybersecurity measures in the spotlight
There are now over 1 billion malware programs, and 1 out of 4 companies falls victim to ransomware attacks globally.
PCs stand a greater chance of being attacked than Android devices because Android applications are mostly verified by the Play Store. Some malicious apps, however, still slip through the app screening.
For instance, Avast reported 47 adware apps on the Play Store which had been downloaded more than 15 million times collectively. Jakub Vávra, threat analyst at Avast, said, “Campaigns like HiddenAds may slip into the Play Store by obfuscating their true purpose or slowly introducing malicious features once already downloaded by users.”
More cybersecurity measures, such as software patches, are springing up to fix these vulnerabilities. This rate drives a further need to safeguard systems at a personal level. To guard machines against malware, the following is recommended:
- Installing the necessary firewalls, such as Fortinet and Cisco, and antivirus software like Norton and Bitdefender.
- Updating applications regularly, even before the given time, to prevent the risk of exposure.
- Running a background check before granting apps permissions.
- Avoiding pop-up windows that ask you to update or download software.
- Limiting file-sharing.
Most application software runs on web code that is easily exposed, unlike system software, where applications are built in. Caution must be exercised to safeguard computers.
Kaspersky’s malware analyst, Alexander Kolesnikov, stated that “since the vulnerability is quite easy to use, we expect an increase in its exploitation. Criminals craft malicious documents and convince their victims to open them through social engineering techniques. The Microsoft Office application then downloads and executes a malicious script.”
This threat requires prompt action to prevent the damage caused by malware. Kolesnikov said that, to be on the safe side, “it is vital to install the vendor’s patch, use security solutions capable of detecting vulnerability exploitation, and to keep employees aware of modern cyberthreats.”