Microsoft Office products were the most commonly exploited by cybercriminals around the world and nearly 73% of cyber exploits were performed in MS Office products in the third quarter of this year, a new report has said.
According to information gathered by PreciseSecurity.com, other exploited applications by cybercriminals included browsers and operating systems, among others.
“Data shows that exactly 72.85% of cyber exploits were performed in MS Office products as of the third quarter of this year,” Marco Mathew from computer security website said in a statement on Wednesday.
MS Office products were followed by Browsers with 13.47% of the total number of exploits by cybercriminals, Android with 9.09%, Java with 2.36%, Adobe Flash with 1.57% and PDF with 0.66 %.
Some of the most common vulnerabilities in MS Office were related to stack overflow errors in the Equation Editor application. Other vulnerabilities were CVE-2017-8570, CVE-2017-8759, and CVE-2017-0199, among others.
Another important vulnerability was related to a zero-day issue CVE-2019-1367 that produced memory corruption and allowed remote code execution on the target system, the report mentioned.
The top five countries that are sources of web-based attacks include the US with 79.16% of the market share, followed by the Netherlands with 15.58%, Germany with 2.35%, France with 1.85% and Russia 1.05%.
In computer security, an exploit makes reference to individuals such as hackers or criminals that make use and take advantage of a bug or vulnerability in a specific software or computer program.
“In many cases, these exploits can be very costly for companies and other customers that could eventually be affected,” said Mathew.
Browsers are very complex products that tend to have many vulnerabilities.
“This happens because hackers and attackers are at all times finding and searching for new bugs to exploit and take advantage of”.
Many of these vulnerabilities found in the last quarter aimed at privilege escalation inside the system stem from individual operating system services and popular applications.
Some of the worst exploits are related to financial applications that could have a negative financial effect on other users or individuals.
“At the same time, financial data is becoming increasingly important and valuable in the dark web, which is pushing hackers and attackers to obtain this data as well to sell it later to scammers and other malicious parties,” Mathew noted.