By : Wael Elhosany - Mohamed Elttar

In Q2 2022 the number of exploits for vulnerabilities in the Microsoft Office suite increased globally compared to Q1 – accounting for 82% of the total number of exploits across different platforms, according to the latest Kaspersky quarterly malware report. The META region also saw an increase in the attacks via MS Office vulnerabilities.

MS Office vulnerabilities CVE-2021-40444, CVE-2017-0199, CVE-2017-11882 and CVE-2018-0802 were used by criminals most often during the second quarter, being exploited to attack more than 551,000 users in total. These attempts were countered by Kaspersky’s solutions; if the attackers had succeeded, they would have got control over victims’ computers to view, change, or delete data without their knowledge through remote execution of malicious code.

 In the Middle East, the number of users attacked through these vulnerabilities in the Microsoft Office suite over the last quarter remained relatively stable increasing by 1%, however, the prominent upward trend in the number of such attacks at the global level keeps security operations centers on alert.

Kuwait saw a 20% increase in the number of attacked users in Q2 compared to Q1. In Oman, there was a 14% increase. In Saudi Arabia, the increase was 3%, in Bahrain – also 3%. In Qatar, the number of users attacked grew by 1%, and in the United Arab Emirates the number decreased by 1%.

Kaspersky experts found that exploits for the vulnerability, designated CVE-2021-40444, were used to attack almost 5,000 people globally in Q2 2022, which is eight times more than during Q1 2022. The CVE-2021-40444 is a vulnerability in MSHTML, Internet Explorer’s engine. This web browser is a part of operating systems, as some software relies on its engine for working with online content – for instance, it is used by the components of the Microsoft Office.

“Since CVE-2021-40444 is quite easy to use, we expect an increase in its exploitation globally. Criminals craft malicious documents and convince their victims to open them through social engineering techniques. The Microsoft Office application then downloads and executes a malicious script. To be on the safe side, it is vital to install the vendor’s patch, use security solutions capable of detecting vulnerability exploitation, and to keep employees aware of modern cyberthreats,” comments Alexander Kolesnikov, malware analyst at Kaspersky.

Read more about malware attacks in Q2 2022 on Securelist.com.

In order to prevent attacks via Microsoft Office vulnerabilities, Kaspersky researchers recommend implementing the following measures:

Provide your SOC team with access to the latest threat intelligence (TI). The Kaspersky Threat Intelligence Portal is a single point of access for the company’s TI, providing cyberattack data and insights gathered by Kaspersky over the past 20 years.