Found a malware known as software “exploitation” Exploits, which use errors or gaps in the systems software such as Microsoft Office, a place not on the list of electronic transactions in the first quarter of 2018; the number of users who were attacked through the levels of Office malicious by more than four times compared to the first quarter of last year.
Within just three months, grew to share files from software exploitation used in the attacks to nearly 50%, representing twice the average number of operations and the exploitation of that target in 2017 the system office famous which is produced by Microsoft, according to the results of the annexation report prepared by the company Kaspersky Lab on the evolution of threats to information technology in the first quarter of the current year.
Saw the first quarter of this year, a huge influx of software, such exploitation, targeting Pack Microsoft Office. According to Kaspersky Lab, it is likely that this is the climax of a long-term, as it has been in years 2017 and 2018 to determine the presence of at least ten software to exploit the system the Microsoft Office in fact, compared to only two of the attacks exploitation of known as “attack without waiting for the” which exploited the gaps is a well-known player Adobe Flash Player during the same time period.
And decreases the share of attacks on Adobe Flash Player in the distribution of software exploitation used in attacks, as anticipated, until it became represents less than three percent slightly in the first quarter, after having made all of the Adobe and Microsoft great efforts in the protection of the Flash Player from attacks.
After the discovery of cybercriminals security vulnerability, is a process of exploitation and resort to frequently using the style perception of it as a vector to attack, vulnerable users and businesses at risk.
Select the systems to prevent attacks and exploitation Advanced of Kaspersky, in the autumn of 2017, the software is a new exploit for Adobe Flash based on the principle of “attack without waiting for the” Zero-day used in fact against software users Kaspersky, has been delivering software exploitation of these cross-level Office where the final payload is the latest version of the malicious software FinSpy.
Assisted with the analysis of protection of researchers have Kaspersky to link this attack third-party subversive sophisticated known as BlackOasis. Deployment of experts in the same month a detailed analysis of a gap-critical CVE-2017-11826 used to launch the attacks is present in all versions of Microsoft Office.
Represent the exploitation of this gap in the level of RTF contains the level of DOCX exploits CVE-2017-11826 in XML parser Open Office.
Finally, it was just a few days ago published information about the vulnerability in a famous web browser Internet Explorer is CVE-2018-8174, and found that it has been exploited in attacks wave without waiting.
Users are advised to follow the following procedures to reduce the risk of injury, making the software installed on the computer constantly updated, with enable the Automatic Update feature if available, choose a supplier of software it seems a responsible way to solve the problems of the gaps, where possible. Check if the software vendor of the program to reward users for reporting problems with the software, in addition to the use of powerful security solutions, no special features to protect against software exploitation, such as Automatic Exploit Prevention etc by the automatic attempts of exploitation, and conducting a periodic check of the system to check for possible injuries and make sure to update all software.
As the companies use a security solution lets deal with the gaps and repair, and components to prevent exploitation, such as Kaspersky Endpoint Security for Business. The management feature automatic correction to get rid of the gaps and troubleshoot proactively. It offers components to prevent exploitation and to monitor the actions of suspicious applications and execute malicious files.
The growth of cyber attacks on Microsoft 4-fold in 2018 appeared first on the tech world.