There has been a significant uptick in attacks involving malicious files using Microsoft Office document formats in 2023, according to research by Kaspersky.
Kaspersky's detection systems found a 53% increase in attacks using malicious Microsoft Office documents, and other popular document formats such as PDFs, in 2023.
Analysis from the firm’s annual Security Bulletin shows the average number of malicious files detected each day across 2023, with Kaspersky detecting almost 125 million malicious files in total.
Since 2019 this number has increased from around just over 340,000 to over 410,000 malicious files detected by Kaspersky in 2023.
Windows remains the top target for cyber criminals, the report said, representing 88% of all malware detected every day.
Trojans continue to be the most popular type of malware, and backdoor trojans are on the rise in 2023. The number of files identified as part of backdoor trojan attacks increased from 15,000 in 2022 to 40,000 in 2023.
Backdoors are a particularly dangerous attack method as they involve covertly bypassing authentication systems to secure remote access to a system, from which they can execute a wide range of functions such as encrypting data to elevating access privileges.
Kaspersky’s head of anti-malware research Vladimir Kuskov warned the threat landscape is continually evolving with novel tactics, techniques, and procedures (TTPs) being unlocked with the adoption of new technologies such as artificial intelligence (AI).
“The number of vulnerabilities reported is also growing annually, and threat actors including ransomware gangs use them without hesitating. Furthermore, the entry barrier into cyber crime is now being lowered due to the proliferation of AI, which attackers use, for example, to create phishing messages with more convincing texts.”
Threat actors abuse trust with Microsoft Office files
RELATED RESOURCE
Distinguish the difference between fact and fiction when it comes to preventing file-based threats
DOWNLOAD NOW
Using popular Microsoft Office file formats to disguise malware has been a popular attack vector over recent years, with a widespread phishing campaign recorded in 2020 using compromised Excel macros to gain remote access to users’ systems.
Another Microsoft Office-related exploit uncovered in 2021 involved sending emails with a malicious Word file attached as a corrupted RAR archive.
After this file was uncompressed and opened, it infected the user’s system with information-harvesting malware Formbook that steals credentials from browsers, collects screenshots, and logs keystrokes.
-
Bigger salaries, more burnout: Is the CISO role in crisis?In-depth CISOs are more stressed than ever before – but why is this and what can be done?
-
Cheap cyber crime kits can be bought on the dark web for less than $25News Research from NordVPN shows phishing kits are now widely available on the dark web and via messaging apps like Telegram, and are often selling for less than $25.
-
Healthcare organizations need to shake up email security practicesNews Microsoft 365 is the source of almost half of all healthcare email breaches, thanks mainly to misconfigurations in security settings.
-
So long, Defender VPN: Microsoft is scrapping the free-to-use privacy tool over low uptakeNews Defender VPN, Microsoft's free virtual private network, is set for the scrapheap, so you might want to think about alternative services.
-
Hackers are on a huge Microsoft 365 password spraying spree – here’s what you need to knowNews A botnet made up of 130,000 compromised devices has been conducting a huge password spraying campaign targeting Microsoft 365 accounts.
-
Everything you need to know about the Microsoft Power Pages vulnerabilityNews A severe Microsoft Power Pages vulnerability has been fixed after cyber criminals were found to have been exploiting unpatched systems in the wild.
-
Microsoft is increasing payouts for its Copilot bug bounty programNews Microsoft has expanded the bug bounty program for its Copilot lineup, boosting payouts and adding coverage of WhatsApp and Telegram tools.
-
Hackers are using this new phishing technique to bypass MFA
News Microsoft has warned that a threat group known as Storm-2372 has altered its tactics using a specific ‘device code phishing’ technique to bypass MFA and steal access tokens.
-
A new phishing campaign is exploiting Microsoft’s legacy ADFS identity solution to steal credentials and bypass MFANews Researchers at Abnormal Security have warned of a new phishing campaign targeting Microsoft's Active Directory Federation Services (ADFS) secure access system.
-
Hackers are using Microsoft Teams to conduct “email bombing” attacksNews Experts told ITPro that tactics like this are on the rise, and employees must be trained effectively
