Software exploiting Microsoft Office vulnerabilities leads the list of cyber incidents for the first quarter of this year.
The number of users attacked by malicious Microsoft Office documents is up 400%, compared to the same period of 2017, according to the latest Kaspersky Lab report.
Also, such attacks based on software vulnerabilities are powerful because they do not require any further interaction with the user and may even automatically infect their malicious code.
That's why both everyday cybercriminals, as well as organized hacker groups often supported by nation-states, are happy to use it.
This year the number of such attacks has increased considerably. These sneaky malware variations are mainly aimed at the most popular document editing program, Microsoft Office.
Experts identified at least a dozen malicious code last year that have exploited Microsoft Office vulnerabilities, which is a lot more the Adobe Flash player is responsible for.
Soon as the cybercriminals are aware of a vulnerability, they create a malicious code that can be used immediately. The delivery method usually is a good old fashion spear-phishing attack. This is an increasingly widespread form of phishing attacks by which data collected from the target can be used to launch a more effective assault. Phishing is designed to trick victims to access a malicious attachment or link that could hurt the network or infect devices.
The main problem is that users often neglect to install software updates and patches. While vendors are usually patching vulnerabilities, users don't always fix them right away, which can lead to a massive cyber-attack wave as hackers become aware of these security holes.
The single most important thing to avoid this is to update your software and devices and make sure your security software is working correctly.
Until next time, stay safe…