The Russian cybersecurity company Kaspersky says the number of vulnerability exploits in the package Microsoft Office increased worldwide compared to the first quarter of 2022. In the second quarter of 2022, these exploits accounted for 82% of the total number of exploits across different platforms.
The company says that the META region (Middle East, Turkey and Africa) has also seen an increase in attacks via MS Office vulnerabilities. MS Office vulnerabilities CVE-2021-40444 , CVE-2017-0199 , CVE-2017-11882 e CVE-2018-0802 were used by criminals more frequently during the second quarter, being exploited to attack more than 551.000 users in total.
Those attempts recorded in the report were countered by Kaspersky solutions. The company says that if the attackers were successful, they would gain control over victims' computers to view, change or delete data without their knowledge through remote execution of malicious code.
BUT: Investments in digital solutions in sub-Saharan Africa come with cyberextortion
Microsoft Office vulnerabilities exploited across Africa
In Kenya, the number of users attacked by these vulnerabilities in the Microsoft Office suite in the last quarter increased by 20%.
Nigeria saw a 9% increase in the number of users being attacked. In South Africa, the number of users attacked by these vulnerabilities decreased by 3% in the second quarter compared to the first quarter, however, the upward trend in the number of these attacks worldwide keeps security operations centers on their toes.
Kaspersky experts found that exploits of the vulnerability, designated CVE-2021-40444 , were used to attack nearly 5.000 people worldwide in Q2022 2022, eight times more than in QXNUMX XNUMX.
CVE-2021-40444 is a vulnerability in MSHTML, Internet Explorer engine. Internet Explorer is part of Microsoft's operating systems, as some Windows software relies on its engine to work with online content – for example, Microsoft Office components.
“As CVE-2021-40444 is so user-friendly, we expect an increase in its exploitation globally. Criminals create malicious documents and convince their victims to open them through social engineering techniques,” comments Alexander Kolesnikov, malware analyst at Kaspersky.
“The Microsoft Office application downloads and executes a malicious script. To ensure security, it is vital to install the vendor patch, use security solutions capable of detecting exploits, and keep employees aware of modern cyber threats.”
