comScore
Active Stocks
Fri Sep 29 2023 15:59:14
  1. Tata Steel share price
  2. 129 1.78%
  1. NTPC share price
  2. 245.65 3.3%
  1. Power Grid Corporation Of India share price
  2. 199.85 -0.45%
  1. State Bank Of India share price
  2. 598.7 1.48%
  1. Wipro share price
  2. 406.25 0.11%
Business News/ Technology / News/  Why Microsoft is a hot target for cyber criminals
Back

Why Microsoft is a hot target for cyber criminals

In 2018, the researchers from Kaspersky Labs came across multiple zero day vulnerabilities in Office and informed Microsoft about them
  • According to the Kaspersky Labs, after Word, the most targeted platforms were web browsers (14%) and Android (12%)
  • According to the Kaspersky Labs, after Word, the most targeted platforms were web browsers (14%) and Android (12%) (istock)Premium
    According to the Kaspersky Labs, after Word, the most targeted platforms were web browsers (14%) and Android (12%) (istock)

    NEW DELHI : Hackers can use an unpatched exploit in the Internet Explorer to both spy on Windows users and steal their local data, and the vulnerability affects Microsoft Windows 7, Windows 10 and Windows Server 2012 R2, a researcher John Page revealed on Monday.

    Email accounts across Microsoft’s Outlook, Hotmail and MSN services were left vulnerable for almost three months (1 January to 28 March) after it emerged that hackers had targeted them. However, according to Microsoft, only a “limited" number of people had their accounts compromised in the breach. In a 15 April article in the Verge, Microsoft also admitted that its Outlook.com security breach was worse than the company initially revealed, even as it made efforts to address the issue.

    Indeed! Microsoft's deep penetration in the enterprise makes it a hot target for cybercriminals. In fact, the widely-used suite of applications offered by Microsoft under the Office family and used by individuals and enterprises for creating documents--excel sheets and power point presentations--accounted for 70% of cyberattacks detected by Kaspersky’s security products in the fourth quarter of 2018.

    According to the Kaspersky Labs, after Word, the most targeted platforms were web browsers (14%) and Android (12%).

    Speaking at the Security Analysts Summit 2019, researcher Alexander Liskin from Kaspersky Labs, pointed out that the attacks surface is huge in case of Office because of complicated file formats, integration with Windows, interoparatibilty (allows disparate information systems from multiple vendors to work together) and bad decisions made by Microsoft from a security point of view while creating Office.

    In 2018, the researchers from Kaspersky Labs came across multiple zero day vulnerabilities in Office and informed Microsoft about them.

    Interestingly, none of the most exploited vulnerabilities were found in Office itself, but were actually detected in related components. For instance, two of the most exploited vulnerabilities CVE-2017-11882 and CVE-2018-0802 didn’t afflict the Word directly but were targeted at Office equation editor process (it allows users to construct math and science equations).

    This legacy formula editor is part of Office package and is mostly used with Word as an object linking and embedding tool. Microsoft reportedly issued a binary patch for the vulnerability but many components are still unpatched.

    What makes taking advantage of the exploit easier than most other forms of cyberattacks is the fact that building an exploit for CVE-2017-11882 and CVE-2018-0802 vulnerabilities doesn’t require advanced skills.

    It is one of the reasons why the turnaround time between the vulnerability being reported and the availability of an exploit has reduced and the attacks have gone up. Once a technical report for a vulnerability goes public, an exploit for it appears on the dark market in a matter of days, rues Kaspersky Labs.

    "Exciting news! Mint is now on WhatsApp Channels 🚀 Subscribe today by clicking the link and stay updated with the latest financial insights!" Click here!

    ABOUT THE AUTHOR
    Abhijit Ahaskar
    Abhijit writes on tech policy, gaming, security, AI, robotics, electronics and startups. He has been in the media industry for over 12 years.
    Catch all the Technology News and Updates on Live Mint. Download The Mint News App to get Daily Market Updates & Live Business News.
    More Less
    Updated: 15 Apr 2019, 08:28 PM IST
    Next Story
    Recommended For You
    Switch to the Mint app for fast and personalized news - Get App