3aIT Blog

According to a report from leading security business Kaspersky, more than 70 percent of all malware attacks that it detected last year targeted Microsoft's venerable Office suite.

Conversely, the number of attacks directed at internet browsers has reduced markedly - from 45% over a year to only 14%. One factor here is no doubt that browsers now tend to keep themselves up to date with no intervention needed from the user, so the likelihood of someone running an ancient version of a browser with known vulnerabilities is now much reduced.

While everyone is now generally aware of how important it is to keep their operating system up to date, the apps we run on that operating system can sometimes fall under the radar. In this case, anyone with an Office 365 subscription will automatically receive the latest updates on an ongoing basis. However, if you rely on a "fixed year" version of Office (2010, 2013, 2016 or 2019), these all have an end-of-life date. Beyond this date, the software will cease to receive security updates, leaving it vulnerable to attack. If you run a version of Office older than those listed above, it is already out of support. Office 2010 will be the next to fall out of support in October 2020. It's also worth noting that the support period has reduced for the most recent version (2019). Both this version and 2016 fall out of support in 2025. No doubt this is part of a continued push to move people onto Microsoft's Office 365 service instead.

Kaspersky point out in their blog about these findings that one of the main reasons that Office is a prime target is precisely because of the reluctance of some to use the latest versions. A file created in Office now still has to be compatible with versions of Office going back many years. This necessarily means that the latest versions have to retain the legacy code needed to do this - code that could be stripped out if they didn't need to retain this backward compatibility. Indeed, they note that one of these exploits is so popular because "[it is] reliable and works in every version of Word released in the past 17 years".

So what can you do? If it's a personal machine, make sure you're updating your apps as well as your operating system. If anything you run wasn't made this decade, it's almost certainly out of support! Also, ensure that you're running a malware scanner of some description (this includes Windows Defender / Security that comes with Windows 10). You cannot rely on a scanner though, no matter how well it works. As ever, the best advice is to be constantly vigilant about any files you're sent. If it's not something you're expecting, don't open it.