Attacks that leverage exploits found in Microsoft Office grew by fourfold during Q1 2018 according to new research from Kaspersky Lab.
The security firm's Q1 IT threat evolution report shed light on how cyber attackers are taking advantage of exploits in the popular word processing program to target users with malicious documents.
Attacks based on exploits are very powerful since they do not require user interaction and can deliver malicious code discreetly. This is why both nation-backed state actors and cybercriminals looking for profit utilise them when carrying out attacks on unsuspecting users.
During the first quarter of this year, there was a massive inflow of these exploits which Kaspersky Lab experts predict is likely the peak of a longer trend. The firm identified at least ten in-the-wild exploits for Microsoft Office software during 2017-2018 compared to two zero-day exploits for Adobe Flash player used during the same time period.
Principal Security Researcher at Kaspersky Lab, David Emm offered further insight on the findings of the report, saying:
“The growth of the threat landscape in the first quarter of 2018 has highlighted how the lack of patch management is becoming one of the most threatening cyber-dangers. Though vendors tend to issue patches for identified vulnerabilities, users often can’t – or don’t – update their products before the cyber-criminals have been made aware of, and acted upon, the vulnerabilities.”
To prevent falling victim to a malicious Word document it is advised that you regularly update your software and refrain from opening email attachments from unknown senders.
Cybercriminals will likely continue to utilise these and other exploits in their attacks due to how powerful they are and to protect ourselves we must remain vigilant.
Image Credit: Gil C / Shutterstock