Microsoft Office now the most targeted platform, as browser security improves

The number of attacks carried out using the popular suite has increased in the past two years, Kaspersky Lab researchers say.

Microsoft Office has become cybercriminals’ preferred platform when carrying out attacks, and the number of incidents keeps increasing, Kaspersky Lab researchers said during the company’s annual conference, Security Analyst Summit, in Singapore. Boris Larin, Vlad Stolyarov and Alexander Liskin showed that the threat landscape has changed in the past two years and urged users to keep their software up-to-date and to avoid opening files that come from untrusted sources to reduce the risk of infection.

Today, more than 70% of all the attacks Kaspersky Lab catches are targeting Microsoft Office, and only 14% take advantage of browser vulnerabilities. Two years ago, it was the opposite: Web-based vulnerabilities accounted for 45% of the attacks, while Microsoft Office had a 16% share.

ms office vulns 1 Andrada Fiscutean

Kaspersky researchers presented data showing increase in Microsoft Office exploits since 2016

Researchers said that this is because hacking browsers has become more expensive, as browser security has improved. “Browser developers put much effort into different kinds of security protections and mitigations,” Liskin said. “Attackers were looking for a new target, and MS Office has become a star.”

Liskin added that there are plenty of reasons why cybercriminals choose to attack the popular suite. “Microsoft Office has a huge number of different file formats," he said. "It is deeply integrated into the Windows operating system."

To continue reading this article register now

FREE Download: Get the Spring 2019 digital issue of CSO magazine today!