Rise in Microsoft Office vulnerabilities in the Middle East

In Q2 2022 the number of exploits for vulnerabilities in the Microsoft Office suite increased globally compared to Q1 – accounting for 82% of the total number of exploits across different platforms, according to the latest Kaspersky quarterly malware report. The META region has also seen an increase in attacks using Microsoft Office vulnerabilities.

MS Office vulnerabilities CVE-2021-40444, CVE-2017-0199, CVE-2017-11882, and CVE-2018-0802 were the most commonly exploited by criminals during the second quarter, affecting over 551,000 users in total. These attempts were foiled by Kaspersky’s solutions; if the attackers had succeeded, they would have gained control over victims’ computers and used remote execution of malicious code to view, change, or delete data without their knowledge.

The number of users affected by Microsoft Office vulnerabilities in Q2 2022, as well as the associated dynamics

The number of users attacked by these vulnerabilities in the Microsoft Office suite in the Middle East remained relatively stable over the last quarter, increasing by 1%; however, the prominent upward trend in the number of such attacks at the global level keeps security operations centers on high alert.

In Kuwait, the number of attacked users increased by 20% in Q2 compared to Q1. There was a 14% increase in Oman. The increase was 3% in Saudi Arabia and 3% in Bahrain. The number of users attacked increased by 1% in Qatar, while it decreased by 1% in the United Arab Emirates.

Exploits for the vulnerability, designated CVE-2021-40444, were used to attack nearly 5,000 people globally in Q2 2022, eight times more than in Q1 2022, according to Kaspersky experts. CVE-2021-40444 is a flaw in MSHTML, the engine that powers Internet Explorer. This web browser is included with operating systems because some software relies on its engine to work with online content – for example, Microsoft Office components use it. 

“Since CVE-2021-40444 is quite easy to use, we expect an increase in its exploitation globally. Criminals craft malicious documents and convince their victims to open them through social engineering techniques. The Microsoft Office application then downloads and executes a malicious script. To be on the safe side, it is vital to install the vendor’s patch, use security solutions capable of detecting vulnerability exploitation, and to keep employees aware of modern cyberthreats,” comments Alexander Kolesnikov, malware analyst at Kaspersky.

Kaspersky researchers recommend the following measures to prevent attacks using Microsoft Office vulnerabilities:

• Provide your SOC team with access to the latest threat intelligence (TI). The Kaspersky Threat Intelligence Portal is a single point of access for the company’s TI, providing cyberattack data and insights gathered by Kaspersky over the past 20 years. To help businesses enable effective defenses in these turbulent times, Kaspersky announced free access to independent, continuously updated, and globally sourced information on ongoing cyberattacks and threats. Request access online
• Receive relevant and up-to-date information on threats to be aware of and the TTPs used by attackers
• Companies are advised to use a security solution that provides vulnerability management components, such as the Automatic Exploit Prevention within Kaspersky Endpoint Security for business. This component monitors suspicious actions of applications and blocks the execution of malicious files
• Use solutions such as Kaspersky Endpoint Detection and Response and Kaspersky Managed Detection and Response that help detect and prevent attacks at an early stage – before the attackers are able to achieve their goals