One quarter after another, Microsoft Office remains the most widely exploited software for malware delivery.
The primary reason is that a significant portion of Office users delay essential security updates, which keeps the doors open for fraudsters to inject malicious code through various loopholes, even if they are already known publicly.
Data presented by Atlas VPN shows that in Q1 2022, as many as 78,5% of malware targets Microsoft Office vulnerabilities.
While Securelist, the online warehouse for malware research from Kaspersky, does not share malware statistics for Q4 2021, they provide data for Q3 2021, revealing that Microsoft Office was targeted in 60.68% of attacks back then. Based on the findings, it is safe to say that hackers abuse Microsoft Office more and more.
The main difference between Q1 2022 and Q3 2021 is found in percentage changes regarding Office and browser exploits.
Researchers believe browser exploits are becoming increasingly rare because they get updated automatically, which is not the case for Microsoft Office.
Hackers primarily target users that do not follow the basic cybersecurity practices of patching their software as soon as the update is available.