According to analysis commissioned by NordVPN, attempts to exploit a Microsoft Office vulnerability (CVE-2017-11882) rose by 400% in the second quarter of the year – with further growth expected.
If exploited successfully, the memory corruption bug could allow attackers to execute code on the target device remotely. This is especially problematic if the affected user account has administrative privileges, in which case the attacker could seize control of the system.
Once inside, a malicious actor could install programs at will, access and delete data, and create new accounts with full access rights.
Microsoft Office vulnerability
According to the Microsoft Security listing, to abuse the vulnerability hackers must trick targets into opening a specially crafted file with an affected version of Microsoft Office or Microsoft WordPad.
The most common and effective means of distributing these infected files is via email phishing campaigns, many of which are highly convincing and manipulative.
For example, the US Secret Service (USSS) warned citizens of an email scam in April, at the height of the pandemic, that attempted to lure victims into opening an attachment that claimed to contain important coronavirus information.
By preying on human insecurities and attaching scams to macro world events, hackers are able to infect a large pool of victims with relative ease.
“The malware targeting a decade-old MS Office vulnerability must have been under the radar, as it has been spreading through emails for three years now,” explained Daniel Markuson, Digital Privacy Expert at NordVPN.
According to the firm, businesses are at heightened risk of this form of attack, as a result of the value of data held in corporate networks and also because of the fallibility of employees.
“When internal corporate systems get breached, 99% of cases are caused by employees. The most popular way to lure employees into the trap is by email,” added Markuson.
“Businesses must stay alert and should employ defence-in-depth tactics and equip themselves with multi-layered security mechanisms, including high-sensor spam filters and a VPN connection, which would prevent malicious pages from opening.”
Individual users, meanwhile, are advised to scrutinize emails for abnormalities that might identify a scam (such as spelling errors) and to check that the sender address looks legitimate.