Kaspersky spots patched Microsoft Office vulnerability risk
The weakness was fixed in 2015, but some hacker groups including Danti are still using it by preying on unpatched machines
Kaspersky has discovered that a number of criminals are still taking advantage of a weakness in Microsoft Office that the company has patched, because the fix hasn't been applied to all machines.
Hacker groups including Platinum, APT16, EvilPost, SPIVY and newly uncovered collective Danti have used the exploit for the CVE-2015-2545 vulnerability recently, targeting computers that haven't installed the patch.
The exploit lets cyber-espionage groups and cybercriminals infect machines with malware without resorting to zero-day vulnerabilities. This method is cheaper than older techniques that required more time to discover weaknesses, yet offers the same rate of infection, the report revealed.
In particular, the CVE-2015-2545 vulnerability allows an attacker to execute code using an EPS image file that looks totally harmless and is sent via a phishing email. The exploit apparently uses a PostScript technique that evades the Address Space Layout Randomisation (ASLR) and Data Execution Prevention (DEP) protections built into Windows.
Danti, in particular, is spreading the malware by sending out phishing emails posing as high-ranking Indian officials. Once the vulnerability has been exploited, the Danti backdoor is installed, allowing hackers to uncover sensitive data on the victim's machine.
"We expect to see more incidents with this exploit, and we continue to monitor new waves of attacks and the potential relationship with other attacks in the region," said Alex Gostev, Chief Security Expert at Kaspersky Lab Research Center in APAC.
"Waves of attacks conducted with the help of just one vulnerability suggests two things: firstly, that threat actors tend not to invest many resources into the development of sophisticated tools, like zero-day exploits, when 1-day exploits will work almost as well. Secondly, that the patch-adoption rate in the target companies and government organisations is low."
The company advised businesses to pay attention to patch management across their IT infrastructure so that they're protected against such vulnerabilities before they become a threat.
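For mail-gateway or endpoint triage while patches roll out, the EPS delivery described above can be checked for directly. The following is an added example, not code from Kaspersky or the article; it assumes the EPS image arrives embedded in an OOXML (ZIP-based) Office document, and the function names and sample archives are constructed for illustration.

```python
import io
import zipfile

# EPS signatures: text EPS starts with "%!PS-Adobe"; the DOS-style binary
# EPS wrapper starts with the 4-byte header C5 D0 D3 C6.
EPS_MAGICS = (b"%!PS-Adobe", b"\xc5\xd0\xd3\xc6")

def find_embedded_eps(doc_bytes):
    """Return names of archive members that are EPS by extension or content."""
    hits = []
    try:
        archive = zipfile.ZipFile(io.BytesIO(doc_bytes))
    except zipfile.BadZipFile:
        return hits  # not an OOXML container (e.g. legacy .doc): out of scope
    with archive:
        for info in archive.infolist():
            if info.is_dir():
                continue
            with archive.open(info) as member:
                head = member.read(16)
            # Check content as well as name: an EPS renamed to image2.png
            # must still be flagged.
            if info.filename.lower().endswith(".eps") or head.startswith(EPS_MAGICS):
                hits.append(info.filename)
    return sorted(hits)

def build_sample(members):
    """Build a constructed in-memory .docx-like archive for demonstration."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for name, data in members.items():
            z.writestr(name, data)
    return buf.getvalue()

# Constructed samples with harmless placeholder content, not real documents.
CLEAN_DOC = build_sample({
    "[Content_Types].xml": b"<Types/>",
    "word/document.xml": b"<w:document/>",
    "word/media/image1.png": b"\x89PNG\r\n\x1a\n",
})
SUSPECT_DOC = build_sample({
    "[Content_Types].xml": b"<Types/>",
    "word/document.xml": b"<w:document/>",
    "word/media/image1.eps": b"%!PS-Adobe-3.0 EPSF-3.0\n",
    "word/media/image2.png": b"\xc5\xd0\xd3\xc6" + b"\x00" * 26,  # EPS renamed
})
```

A hit means the document carries an EPS image and should be quarantined or inspected on an unpatched fleet; it does not by itself indicate that the image is malicious.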