Microsoft Windows is the most popular desktop operating system, and Microsoft Office is the the most popular productivity software suites in the world, with more than one billion users.
Because of these reasons, plenty of hackers are targeting users using Windows, and also Office.
And here, it's not surprising to find that 78.5% of all malware attacks that happened in the first quarter of 2022, were conducted by exploiting vulnerabilities in various Microsoft Office products.
In other words, Microsoft Office was the main reason, and the root cause of the so many malware attacks.
That, is according to a report published by Atlas VPN.
While attacks through the Microsoft product escalates, hacks and exploits utilizing browsers have declined, going down from 25.57% in third quarter of 2021, to just 7.64% in the first quarter of 2022.
Researchers believe that browser exploits are becoming increasingly rare because browsers are getting frequent updates, and that the updates are installed automatically.
This make flaws in browsers to be cleared up, which explains the percentage decrease.
Microsoft Office products on the other hand, don't get this feature.
It has been long known that hackers primarily target users that do not follow the basic cybersecurity practices of patching their software as soon as the update is available.
Since Microsoft Office is so popular, and that updates can be delayed, it’s no surprise to see the productivity app placed on top of the list.
The same goes for Android, which also seen a decrease in its percentages, down from 5.36% to 4.1%.
On the other hand Adobe Flash (3.41%), with Java (2.98%) slightly behind and PDF (2.79%) didn’t see much of a change their proportions.
During Q1 2022, the order remains unchanged; third on the list are exploits for Android (4.1%), followed by Adobe Flash (3.49%), Java (3.48%), and PDF (2.79%).
While Microsoft seems to neglect the fact that Office is the most popular medium for hackers, the company has indeed made some changes.
The most important of all, is disabling macros by default.
In Microsoft Office products, a macro is a series of commands that users can use to automate a repeated task, and can be run when they have to perform the task. Because macros are essentially programs, hackers can use them to distributed malware, like via phishing attachments.
Microsoft has previously warned users to "never enable macros in an Office file unless you're sure what those macros do."
As Microsoft blocks macros by default, Microsoft hopes that Office users should be a lot safer.
The thing is, hackers are sometimes adaptive and can also change lane fast.
As soon has Microsoft Office disables macros by default, hackers began to change their tactics.
In a report from Proofpoint, researchers who looked at malicious campaign statistics between October 2021 and June 2022, identified a clear shift to other methods of payload distribution, recording a decrease of 66% in the use of macros.
At the same time, the use of container files such as ISOs, ZIPs, and RARs has grown steadily, rising by almost 175%.
Hackers also start to heavily use LNK files after February 2022, with the researchers seeing a massive 1,675% increase compared to October 2021.
According to Proofpoint, LNK is being utilized as the weapon of choice of ten individual threat groups tracked by the researchers, using it to spread malware like Emotet, Qbot, and IcedID.
And not just that, as Proofpoint also found that a significant increase in the use of HTML attachments, where hackers are adopting HTML techniques to drop malicious files on targets/
While macros have become more and more obsolete, just like always, security researchers and hackers are always on in a cat-and-mouse game. In one way or the other, one is always trying to win over the other.
