Content, Content

Nearly 75% of App Exploits Involve Microsoft Office

Nearly 75 percent of the most most commonly exploited applications worldwide in Q3 2019 were related to the Microsoft Office productivity suite, according to data gathered by PreciseSecurity.

Cyber criminals also exploited other applications, including browsers and operating systems, said the virus removal solutions provider. MS Office products were followed by browsers with 13.5% of the total number of cyber criminal exploits, Android with 9.1%, Java with 2.4%, Adobe Flash with 1.6% and PDF with less than one percent. (Note: Kaspersky and Statista are the sources for that data.)

Some of the most common vulnerabilities in MS Office were related to stack overflow errors in the Equation Editor application. Other vulnerabilities were CVE-2017-8570, CVE-2017-8759, and CVE-2017-0199. Another important vulnerability was related to a zero-day issue CVE-2019-1367 that produced memory corruption and allowed remote code execution on the target system.

“Many of these vulnerabilities found in the last quarter aimed at privilege escalation inside the system stem from individual operating system services and popular applications,” PreciseSecurity said in a blog post.

According to PreciseSecurity's data, the top five countries that are sources of web-based attacks (web pages with redirects to exploits, etc.) include the U.S. at 79%, followed by the Netherlands at 15.6%, Germany with 2.4%, France with 1.9% and Russia with 1 percent.

Some recent examples of MS Office exploits:

  • Two weeks ago, PhishLabs found that cybercriminals are using a malicious Microsoft Office 365 app to illegally access end user accounts and data. The phishing campaign involves the use of a phishing message that impersonates an internal SharePoint and OneDrive file-share.
  • A month earlier, McAfee Labs discovered that cybercriminals were using fake voicemail message to lure victims into entering their Microsoft Office 365 email credentials as part of a new phishing campaign.
  • In May 2019, the Department of Homeland Security (DHS) issued a Microsoft Office 365 cybersecurity memo stating that some IT consulting firms and MSPs (managed IT service providers) involved in Office 365 migrations were not properly securing the cloud productivity suite for customers and as a result weaken the platform’s security.
D. Howard Kass

D. Howard Kass is a contributing editor to MSSP Alert. He brings a career in journalism and market research to the role. He has served as CRN News Editor, Dataquest Channel Analyst, and West Coast Senior Contributing Editor at Channelnomics. As the CEO of The Viewpoint Group, he led groundbreaking market research.