Among the many operating systems (OS), Microsoft office is the leading platform being targeted by cybercriminals when carrying out attacks. The number of cyber attacks has increased, and Kaspersky Lab researchers stated it in the annual conference, Security Analyst Summit held in Singapore.
Among the few, Alexander Liskin, Boris Larin and Vlad Stolyarov projected that the threat has increased in the past two years and have highly pressured users to keep their software up-to-date and to avoid downloading and opening files from untrusted sources to reduce the risk of virus and malware infections.
The report claims more than 70% of the entire attacks Kaspersky Lab caught are targeting “Microsoft office,” amongst which only 14% take advantage of browser issues. Not long ago, it was the opposite as Web-based loopholes accounted for 45% of the total attacks while Microsoft had a smaller share of 16%.
However, Researchers state that hacking browser has been a difficult task and browser creators are putting extra effort into different security options to keep Microsoft safe. Researcher Liskin further said, there are more reasons why the cybercriminals opt to attack Microsoft as it offers and supports different kind of file formats, that is rooted in the “Windows” operating system.
- Microsoft Office is a top target for malware devs
- Slack joins forces with Microsoft Office 365
- Hackers publish details on critical Magento flaw
Microsoft Office vulnerabilities
When the giant Microsoft introduced ‘Office,’ the design was not based on the security aspect; instead on the feasibility. The researchers also pointed out that the worst exploited issues present in the past two years were not included in the MS Office but in the smaller components of it.
Two major vulnerabilities included:
These two bugs are the worst of their kind found in the Equation Editor. Cybercriminals use them because these are found in majority of the ‘Microsoft Word’ released in the past decade. Also, exploiting these vulnerabilities does not require extensive knowledge and skill as the Equation Editor binary lacks current protective methods.
Utilizing Internet Explorer to penetrate Office
In light of the issue occurred, there is another surprising vulnerability which is (CVE-2018-8174). This particular vulnerability was present in the Internet Explorer but was found in the “Microsoft Office files” that made it very unusual. Larin said, the shady file was sent as an obfuscated RTF document, and the first ever hack that used Internet Explorer to hack Microsoft Office.
The process of this serious infection goes through three steps:
First, the victim of the process opens a malicious file. Right after opening the file, the victim enters the second stage as the file is downloaded that contains the HTML page infected with VBScript code. The third stage is the “use after free UAF” vulnerability that uses shellcode.
UAF bugs is a common memory corruptor that has previously been successful in exploiting browsers and injecting malware into it. This process works by ‘referencing memory’ after it has been opened (freed) that ultimately causes the browser software to crash which gives room to the hacker to inject the code. This is a cruel way to harvest and takes control of the browser which makes it dysfunction while running.
There is a common dilemma which users fail to understand. Every search that we make on the browser is recorded in the form of a cache or cookie. These cookies are at the back end of the browser which can be seen and used against the user to target ads. Users are advised to avoid the above habits and to consult online privacy and security settings to make sure they know what they are getting into.
This can also help in preventing fraudulent issues in the Microsoft Office.
Cybercriminals taking advantage of Microsoft vulnerabilities
Larin, Liskin, and Stolyaroz emphasize on the cases they have studied because it's alarming how the cybercriminals operate and hack Microsoft Office. A majority of the incidents start with one of Microsoft Office Suite “zero-day.” As soon as the hack goes public, the exploit later appears on the Dark Web as well.
With the CVE-2017-11882 code, the process becomes faster as it was the first Office Equation Editor that was found by the Kaspersky Lab researchers. Unless Microsoft comes with a solid fix, the Microsoft Office vulnerabilities will become persistent and common in the future as more hackers will target the platform.
As a solution, it is always advised to continually keep a check on the software updates and keep automatic updates switched on. The update will allow fixing the loopholes present in the browser in the form of bugs and malware.
Further, keep a close eye on suspicious files received through email as opening those email or email attachments will inject a malicious virus in your browser. Just as Gmail hosts a feature where it automatically notifies suspicious emails, users need to be sure before opening a link if that source is trustable or not.
The future of the Microsoft Office remains uncertain as the issues discovered by researchers pose a significant threat to files and services connected and linked to “Office.”
Terry Higgins, Marketing Director at AllBestVPN
- We've also highlighted the best Office alternatives