Kaspersky spots patched Microsoft Office vulnerability risk
The weakness was fixed in 2015, but some hacker groups including Danti are still using it by preying on unpatched machines
Kaspersky has discovered a number of criminals are still taking advantage of weakness in Microsoft Office that has been patched by the company but hasn't been applied to all machines.
Hacker groups including Platinum, APT16, EvilPost, SPIVY and newly uncovered collective Danti have used the exploit for the CVE-2015-2545 vulnerability recently, targeting computers that haven't installed the patch.
The exploit allows cyber-espionage groups and cybercriminals to infect machines with malware rather than utilising zero-day vulnerabilities. Using the new method is cheaper than older techniques that required more time to discover the weaknesses, yet offers the same rate of infection, the report revealed.
In particular, the CVE-2015-2545 vulnerability allows an attacker to execute code using an EPS image file sent via a phishing email, which looks totally harmless. It apparently uses the PostScript technique evading Windows' Address Space Layout Randomisation (ASLR) and Data Execution Prevention (DEP) protection methods integrated into the system.
Danti, in particular, is spreading the malware by sending out phishing emails posing as high-ranking Indian officials. Once the vulnerability has been exploited, the Danti backdoor is installed, allowing hackers to uncover sensitive data on the victim's machine.
"We expect to see more incidents with this exploit, and we continue to monitor new waves of attacks and the potential relationship with other attacks in the region," Alex Gostev, Chief Security Expert at Kaspersky Lab Research Center in APAC said.
"Waves of attacks conducted with the help of just one vulnerability suggests two things: firstly, that threat actors tend not to invest many resources into the development of sophisticated tools, like zero-day exploits, when 1-day exploits will work almost as well. Secondly, that the patch-adoption rate in the target companies and government organisations is low."
The company advised businesses to ensure they take notice of patch-management in their IT infrastructure to ensure they're protected against such vulnerabilities before they become a threat.
Top 5 challenges of migrating applications to the cloud
Explore how VMware Cloud on AWS helps to address common cloud migration challengesDownload now
3 reasons why now is the time to rethink your network
Changing requirements call for new solutionsDownload now
All-flash buyer’s guide
Tips for evaluating Solid-State ArraysDownload now
Enabling enterprise machine and deep learning with intelligent storage
The power of AI can only be realised through efficient and performant delivery of dataDownload now