Exploits, software that takes advantage of a bug or vulnerability, for Microsoft Office in-the-wild hit the list of cyber headaches in Q1 2018. Overall, the number of users attacked with malicious Office documents rose more than four times compared with Q1 2017. In just three months, its share of exploits used in attacks grew to almost 50% – this is double the average share of exploits for Microsoft Office across 2017. These are the main findings from Kaspersky Lab’s Q1 IT threat evolution report.
Attacks based on exploits are considered to be very powerful, as they do not require any additional interactions with the user and can deliver their dangerous code discreetly. They are therefore widely used; both by cybercriminals looking for profit and by more sophisticated nation-backed state actors for their malicious purposes.
The first quarter of 2018 experienced a massive inflow of these exploits, targeting popular Microsoft Office software. According to Kaspersky Lab experts, this is likely to be the peak of a longer trend, as at least ten in-the-wild exploits for Microsoft Office software were identified in 2017-2018 – compared to two zero-day exploits for Adobe Flash player used in-the-wild during the same time period.
The share of the latter in the distribution of exploits used in attacks is decreasing as expected (accounting for slightly less than 3% in the first quarter) – Adobe and Microsoft have put a lot of effort into making it difficult to exploit Flash Player.
After cybercriminals find out about a vulnerability, they prepare a ready-to-go exploit. They then frequently use spear-phishing as the infection vector, compromising users and companies through emails with malicious attachments. Worse still, such spear-phishing attack vectors are usually discreet and very actively used in sophisticated targeted attacks – there were many examples of this in the last six months alone.
For instance, in late 2017, Kaspersky Lab’s advanced exploit prevention systems identified a new Adobe Flash zero-day exploit used in-the-wild against our customers. The exploit was delivered through a Microsoft Office document and the final payload was the latest version of FinSpy malware. Analysis of the payload enabled researchers to confidently link this attack to a sophisticated actor known as ‘BlackOasis’. The same month, Kaspersky Lab’s experts published a detailed analysis of СVE-2017-11826, a critical zero-day vulnerability used to launch targeted attacks in all versions of Microsoft Office. The exploit for this vulnerability is an RTF document containing a DOCX document that exploits СVE-2017-11826 in the Office Open XML parser. Finally, just a couple of days ago, information on Internet Explorer zero day CVE-2018-8174 was published. This vulnerability was also used in targeted attacks.
“The threat landscape in the first quarter again shows us that a lack of attention to patch management is one of the most significant cyber-dangers. While vendors usually issue patches for the vulnerabilities, users often can’t update their products in time, which results in waves of discreet and highly effective attacks once the vulnerabilities have been exposed to the broad cybercriminal community,” notes Alexander Liskin, security expert at Kaspersky Lab.
Other online threat statistics from the Q1, 2018 report include:
- Kaspersky Lab solutions detected and repelled 796,806,112 malicious attacks from online resources located in 194 countries around the world.
- 282,807,433 unique URLs were recognised as malicious by web antivirus components.
- Attempted infections by malware that aims to steal money via online access to bank accounts were registered on 204,448 user computers.
- Kaspersky Lab’s file antivirus detected a total of 187,597,494 unique malicious and potentially unwanted objects.
- Kaspersky Lab mobile security products also detected:
- 1,322,578 malicious installation packages.
- 18,912 mobile banking Trojans (installation packages).
To reduce the risk of infection, users are advised to:
- Keep the software installed on your PC up to date, and enable the auto-update feature if it is available.
- Wherever possible, choose a software vendor that demonstrates a responsible approach to a vulnerability problem. Check if the software vendor has its own bug bounty program.
· Regularly run a system scan to check for possible infections and make sure you keep all software up to date.
- Businesses should use a security solution that provides vulnerability, patch management and exploit prevention components, such as Kaspersky Endpoint Security for Business. The patch management feature automatically eliminates vulnerabilities and proactively patches them. The exploit prevention component monitors suspicious actions of applications and blocks malicious files executions.
Huge appetite for foldable phones – when prices fall
Samsung, Huawei and Motorola have all shown their cards, but consumers are concerned about durability, size, and enhanced use cases, according to Strategy Analytics
Foldable devices are a long-awaited disrupter in the smartphone market, exciting leading-edge early adopters keen for a bold new type of device. But the acceptance of foldable devices by mainstream segments will depend on the extent to which the current barriers to adoption are addressed.
Major brands have been throwing their foldable bets into the hat to see what the market wants from a foldable, namely how big the screens should be and how the devices should fold. Samsung and Huawei have both designed devices that unfold from smartphones to tablets, each with their own method of how the devices go about folding. Motorola has recently designed a smartphone that folds in half, and it resembles a flip phone.
Assessing consumer desire for foldable smartphones, a new report from the User Experience Strategies group at Strategy Analytics has found that the perceived value of the foldable form does not outweigh the added cost.
Key report findings include:
- The idea of having a larger-displayed smartphone in a portable size is perceived as valuable to the vast majority of consumers in the UK and the US. But, willingness to pay extra for a foldable device does not align with the desire to purchase one. Manufacturers must understand that there will be low sell-through until costs come down.
- But as the acceptance for traditional smartphone display sizes continues to increase, so does the imposed friction of trying to use them one-handed. Unless a foldable phone has a wider folded state, entering text when closed is too cumbersome, forcing users to utilize two hands to enter text, when in the opened state.
- Use cases need to be adequately demonstrated for consumers to fully understand and appreciate the potential for a foldable phone, though their priorities seemed fixed on promoting ‘two devices in one’ equaling a better video viewing experience. Identification and promotion of meaningful new use cases will be vital to success.
Christopher Dodge, Associate Director, UXIP and report author said: “As multitasking will look to be a core selling point for foldable phones, it is imperative that the execution be simplified and intuitive. Our data suggests there are a lot of uncertainties that come with foldable phone ownership, stemming mainly from concerns with durability and size, in addition to concerns over enhanced use cases.
“But our data also shows that when the consumers are able to use a foldable phone in hand, there is a solid reduction of doubt and concern about the concept. This means that the in-store experience may more important than ever in driving awareness, capabilities, and potential use cases.”
Said Paul Brown, Director, UXIP: “The big question is whether the perceived value will outweigh the added cost; and the initial response from consumers is ‘no.’ The ability for foldable displays to resolve real consumer pain-points is, in our view critical to whether these devices will become a niche segment of the smartphone market or the dominant form-factor of the future. Until costs come down, these devices will not take off.”
Huawei puts $1-bn into local developer programme
Huawei Mobile Services (HMS) South Africa has announced the launch of a local Developer Programme called Shining-Star. Huawei announced an investment of $1-billion in support of this programme across global markets, of which South Africa forms part.
‘‘HMS already has more than 570 million global users, including more than 15 million in Africa, with our business covering more than 170 countries,’’ says Likun Zhao, vice president of Huawei Consumer Business Group for Middle East and Africa. “We provide a trusted, device-centric and inter-connected eco-system that improves the user experience, helping them to discover quality content while ensuring security and privacy.”
The developer programme, announced at AfricaCom in Cape Town last week, is the first of its kind in South Africa. Huawei says it “will provide an encompassing eco-system that aims to encourage local developer innovation and support, while Huawei’s AppGallery provides a platform for developers to showcase and publish their apps”.
The platform offers open e-point access and intelligent global distribution for all apps, ranging from smart home, gaming and music to education and health-related apps.
The Shining-Star Programme has been successfully implemented in Malaysia, which has the highest number of Huawei users relative to other smartphone brands in this country. Like Malaysia, South Africa has a considerable number of Huawei users.
Shining-Star will focus on assisting local app developers who face challenges like lack of funding for app eco-systems, testing, and monetisation of their apps. South African developers particularly struggle to market their games and find investors.
“We are committed to working on empowering local app developers by offering them some much-needed infrastructure, guidance, skills and support to grow local talent,” said Zhao. “Our focus is to provide an open platform for developers that they can use to launch and market their apps, as well as give them extensive support in the form of technical development, testing, and legal and marketing tools.”
Huawei HMS Core is a hub with tools like the Account Kit, which enables users to access developers’ apps using Huawei IDs; Game Service, which enables game development; Location Kit, which provides developers with hybrid locations; Drive Kit, a data storage and management solution; and Map Kit, which offers customisation of map formats to developers.
In addition to these developer-specific tools, the Huawei HMS Core hub has growth enablers like the Push Kit and an Analytics Kit, which enable, respectively, the sending of messages and analysis of user behaviour. An Ad Kit and In-App Purchases Kit are also available, so developers can earn income from their apps. Key resources such as API reference, development guides and sample code assist are also part of the programme.
At present, more than 50,000 apps are connected to HMS Core worldwide.
* App developers with a completed app can visit https://developer.huawei.com/consumer/en/, or contact the Huawei SA Business Development team on email@example.com to find out how Huawei can support them.