Several vulnerabilities in Microsoft Office, which were fixed a few years ago, are still among the most exploited security flaws in attacks, warns the U.S. government.
This week, the Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) issued a joint alert with recommendations on the vulnerabilities most commonly exploited in attacks.
The report points out that these flaws are routinely exploited by foreign cyber actors in attacks targeting both the public and private sectors, and that the risk can be reduced by a concerted effort to patch affected systems and by putting a regular update program in place.
Between 2016 and 2019, attackers most often attempted to exploit vulnerabilities in Microsoft Office (CVE-2017-11882, CVE-2017-0199, CVE-2012-0158, CVE-2015-1641), Apache Struts (CVE-2017-5638), Microsoft SharePoint (CVE-2019-0604), Microsoft Windows (CVE-2017-0143), Microsoft .NET (CVE-2017-8759), Adobe Flash Player (CVE-2018-4878) and Drupal (CVE-2018-7600).
Attacks exploiting these vulnerabilities have delivered a range of malware families, including Loki, FormBook, Pony/FAREIT, FINSPY, LATENTBOT, Dridex, JexBoss, China Chopper, DOGCALL, FinFisher, WingBird, Toshliph, UWarrior and Kitty, to name but a few.
The three vulnerabilities most exploited by state-sponsored threat actors from China, Iran, North Korea and Russia are all in Microsoft Office and were patched long ago: CVE-2017-11882, CVE-2017-0199 and CVE-2012-0158.
According to the U.S. government’s technical analysis, the vulnerabilities attackers exploit most often are in Microsoft’s Object Linking and Embedding (OLE) technology. OLE lets a document embed content from other applications, such as a spreadsheet. After OLE, the second most frequently targeted technology, according to the report, was the widely used web framework Apache Struts.
In 2015, the U.S. government identified CVE-2012-0158 as the vulnerability most commonly used by Chinese threat actors in cyber operations, and it is still widely exploited by these actors.
This trend shows that organizations have not yet fully patched this vulnerability, and that Chinese government cyber actors can keep using old flaws in their operations for as long as they remain effective, according to the U.S. government.
In 2020, in addition to the above vulnerabilities, attackers began to take full advantage of vulnerabilities in virtual private network appliances (CVE-2019-19781 and CVE-2019-11510), of misconfigured Microsoft Office 365 deployments and of weaknesses in basic cyber hygiene, such as employees poorly trained to recognize social engineering and the absence of system recovery and contingency plans.
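A practical way to act on an alert like this one is to cross-reference it against your own vulnerability-scanner output and put any host still carrying one of the listed CVEs at the top of the patch queue. The script below is an added example, not code from the article or from CISA: it embeds the CVE list given above (keyed by the affected product as the article names it), parses a constructed sample scanner export in a hypothetical `host,cve,severity` CSV layout, and returns the exposed hosts ranked by how many of the alert’s CVEs they carry, plus a per-product count of exposed hosts.

```python
"""Triage scanner findings against the CVEs named in the CISA/FBI alert (added example)."""
import csv
import io
from collections import defaultdict

# CVEs from the alert, keyed by the affected product as the article lists them.
ALERT_CVES = {
    "CVE-2017-11882": "Microsoft Office",
    "CVE-2017-0199": "Microsoft Office",
    "CVE-2012-0158": "Microsoft Office",
    "CVE-2015-1641": "Microsoft Office",
    "CVE-2017-5638": "Apache Struts",
    "CVE-2019-0604": "Microsoft SharePoint",
    "CVE-2017-0143": "Microsoft Windows",
    "CVE-2017-8759": "Microsoft .NET",
    "CVE-2018-4878": "Adobe Flash Player",
    "CVE-2018-7600": "Drupal",
    "CVE-2019-19781": "VPN appliance",
    "CVE-2019-11510": "VPN appliance",
}

# Constructed sample export from a hypothetical scanner (host,cve,severity).
# CVE-0000-0000 is a placeholder for a finding that is NOT in the alert.
SAMPLE_SCAN_CSV = """host,cve,severity
ws-finance-01,CVE-2017-11882,high
ws-finance-01,CVE-0000-0000,medium
web-portal-02,CVE-2017-5638,critical
web-portal-02,CVE-2019-0604,critical
vpn-edge-01,CVE-2019-11510,critical
ws-hr-07,CVE-2012-0158,high
ws-hr-07,CVE-2017-0199,high
"""


def parse_findings(csv_text):
    """Return (host, cve) tuples from the scanner CSV; CVE ids are normalised to upper case."""
    reader = csv.DictReader(io.StringIO(csv_text))
    return [(row["host"].strip(), row["cve"].strip().upper()) for row in reader]


def triage(findings, alert_cves=ALERT_CVES):
    """Map each host to the alert-listed CVEs found on it, hosts with the most hits first."""
    hits = defaultdict(list)
    for host, cve in findings:
        if cve in alert_cves:
            hits[host].append(cve)
    # Rank by number of alert CVEs present (descending), then by host name for stable output.
    return sorted(hits.items(), key=lambda kv: (-len(kv[1]), kv[0]))


def summarize_by_product(findings, alert_cves=ALERT_CVES):
    """Count distinct exposed hosts per affected product, to show where patching effort goes."""
    exposed = defaultdict(set)
    for host, cve in findings:
        if cve in alert_cves:
            exposed[alert_cves[cve]].add(host)
    return {product: len(hosts) for product, hosts in sorted(exposed.items())}


if __name__ == "__main__":
    found = parse_findings(SAMPLE_SCAN_CSV)
    for host, cves in triage(found):
        print(f"{host}: {', '.join(cves)}")
    print(summarize_by_product(found))
```

On the constructed sample the finding with the placeholder CVE is ignored, the two hosts carrying two alert CVEs each are listed first, and the product summary shows Microsoft Office with the most exposed hosts, which matches the alert’s emphasis on the old Office flaws. In practice the CSV would come from whatever scanner you run, and the alert list would be updated as CISA revises it.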
Related: Patching Pulse Secure VPN not enough to deter attackers, CISA warns
Related: DHS reiterates security recommendations for Office 365
Ionut Arghire is an international correspondent for SecurityWeek.