Number of attacks using Microsoft Office files surges in 2023
Attacks using popular Microsoft Office file types have increased in 2023
There has been a significant uptick in attacks involving malicious files using Microsoft Office document formats in 2023, according to research by Kaspersky.
Kaspersky's detection systems found a 53% increase in attacks using malicious Microsoft Office documents, and other popular document formats such as PDFs, in 2023.
Analysis from the firm’s annual Security Bulletin shows the average number of malicious files detected each day across 2023, with Kaspersky detecting almost 125 million malicious files in total.
Since 2019 this number has increased from around just over 340,000 to over 410,000 malicious files detected by Kaspersky in 2023.
Windows remains the top target for cyber criminals, the report said, representing 88% of all malware detected every day.
Trojans continue to be the most popular type of malware, and backdoor trojans are on the rise in 2023. The number of files identified as part of backdoor trojan attacks increased from 15,000 in 2022 to 40,000 in 2023.
Backdoors are a particularly dangerous attack method as they involve covertly bypassing authentication systems to secure remote access to a system, from which they can execute a wide range of functions such as encrypting data to elevating access privileges.
Kaspersky’s head of anti-malware research Vladimir Kuskov warned the threat landscape is continually evolving with novel tactics, techniques, and procedures (TTPs) being unlocked with the adoption of new technologies such as artificial intelligence (AI).
“The number of vulnerabilities reported is also growing annually, and threat actors including ransomware gangs use them without hesitating. Furthermore, the entry barrier into cyber crime is now being lowered due to the proliferation of AI, which attackers use, for example, to create phishing messages with more convincing texts.”
Threat actors abuse trust with Microsoft Office files
RELATED RESOURCE
Distinguish the difference between fact and fiction when it comes to preventing file-based threats
DOWNLOAD NOW
Using popular Microsoft Office file formats to disguise malware has been a popular attack vector over recent years, with a widespread phishing campaign recorded in 2020 using compromised Excel macros to gain remote access to users’ systems.
Another Microsoft Office-related exploit uncovered in 2021 involved sending emails with a malicious Word file attached as a corrupted RAR archive.
After this file was uncompressed and opened, it infected the user’s system with information-harvesting malware Formbook that steals credentials from browsers, collects screenshots, and logs keystrokes.
-
Hackers are using LLMs to generate malicious JavaScript in real timeNews Defenders advised to use runtime behavioral analysis to detect and block malicious activity at the point of execution, directly within the browser
-
Developers in India are "catching up fast" on AI-generated codingNews Developers in the United States are leading the world in AI coding practices, at least for now
-
Thousands of Microsoft Teams users are being targeted in a new phishing campaignNews Microsoft Teams users should be on the alert, according to researchers at Check Point
-
Microsoft warns of rising AitM phishing attacks on energy sectorNews The campaign abused SharePoint file sharing services to deliver phishing payloads and altered inbox rules to maintain persistence
-
Microsoft just took down notorious cyber crime marketplace RedVDS – and found hackers were using ChatGPT and its own Copilot tool to wage attacks
News Microsoft worked closely with law enforcement to take down the notorious RedVDS cyber crime service – and found tools like ChatGPT and its own Copilot were being used by hackers.
-
These Microsoft Teams security features will be turned on by default this month – here's what admins need to know
News From 12 January, weaponizable file type protection, malicious URL detection, and a system for reporting false positives will all be automatically activated.
-
Warning issued as surge in OAuth device code phishing leads to M365 account takeoversNews Successful attacks enable full M365 account access, opening the door to data theft, lateral movement, and persistent compromise
-
The Microsoft bug bounty program just got a big update — and even applies to third-party codeNews Microsoft is expanding its bug bounty program to cover all of its products, even those that haven't previously been covered by a bounty before and even third-party code.
-
Microsoft Teams is getting a new location tracking feature that lets bosses snoop on staff – research shows it could cause workforce pushback
News A new location tracking feature in Microsoft Teams will make it easier to keep tabs on your colleague's activities – and for your boss to know exactly where you are.
-
Microsoft opens up Entra Agent ID preview with new AI featuresNews Microsoft Entra Agent ID aims to help manage influx of AI agents using existing tools
