Cisco: Java exploits behind 90 percent of security attacks

Cisco: Java exploits behind 90 percent of security attacks
Cisco, in their 2014 Annual Security Report, blames Java for being far and away the leading cause of security exploits.

In fact, "Java represented 91 percent of all Indicators of Compromise (IOCs) in 2013," says the report. This means Java exploits were the "final payload observed" in a huge majority of all attacks throughout the year.



"I was surprised to see that the Java IOC number was 91 percent," Levi Gundert, technical lead, Cisco Threat Research, Analysis, and Communications, added. "There were a number of Java zero days that were used in various attacks, but there were also a ton of well-known Java vulnerabilities that were packaged into various exploit packs."

Oracle, which runs Java after their acquisition of Sun Microsystems, has had to constantly update the software, including an update for 51 vulnerabilities just this week.

In the report, Cisco notes that Java exploits tend to work well for attackers because people do not patch their Java as regularly as they should. This is likely true since Java needs updates sometimes weekly. Exploits are also successful since Java is easily portable and works on nearly all operating systems. Business customers can not always patch as quickly as necessary, either, as patches could break functionality.

Additionally, the report notes that 99 percent of all mobile malware in 2013 targeted Android devices, unsurprisingly given its huge market share and open-source nature.

Read the full report here.

Written by: Andre Yoskowitz @ 20 Jan 2014 7:56
Tags
malware Cisco Java
Advertisement - News comments available below the ad
  • 5 comments

  • hearme0

    Not surprised! I have been a network engineer for 15 years and have always HATED Java. It's malicious by nature and should not be on ANYBODY'S COMPUTER unless you have to have it like when schools seem to constantly use that garbage program.

    People ask me all the time "How do these bad things get in my computer?"

    I answer them that blind computing and Java are the only reasons. Java is activated automatically every time someone clicks on any link. It drives the web and causes malware/spyware to infect PCs simply by surfing the web.

    Simple as that. DO NOT INSTALL JAVA RUNTIME!!! DO NOT USE IE!
    DO NOT HAVE YOUR BROWSER REMEMBER PASSWORDS AND FORMS

    3 simple rules. How hard is that huh???

    21.1.2014 12:30 #1

  • tommyo54

    Then what is the alternative (pertaining to Java)? Because some of the websites I regularly visit require Java. I am actually not too fond of Java because it slows down Internet Explorer but I need the damn thing... What to do??

    25.1.2014 12:45 #2

  • aldan

    dont mistake java for java script.is it in fact java that these websites require or java script.i always thought ie used activex not java.see if you can install the java script plugin for ie. not sure as i havent used ie in years and probably never will again.

    25.1.2014 15:45 #3

  • xboxdvl2

    years ago everything ran on java nowadays most run on flash anyway ,i don't see why heaps still use java.


    custom built gaming pc from early 2010,ps2 with 15 games all original,ps3 500gbs with 5 games all original,yamaha amp and 5.1channel surround sound speakers,46inch sony lcd smart tv.

    25.1.2014 16:05 #4

  • 0ldskool

    Originally posted by xboxdvl2: years ago everything ran on java nowadays most run on flash anyway ,i don't see why heaps still use java.

    I would argue the exact opposite. While its true that a large set of online plugins or games were developed in java a long time ago it never really stopped being an important component to have installed on a PC. Android programs are almost exclusively written in Java and many Windows or cross-platform applications are also written in java (just not usually obviously because their UI uses none standard java libraries).

    Flash is a dead technology and the only reason people are still using it or developing with it is because they don't realize its dead. Even adobe (the current owners of flash technology) have been telling people to move away from flash and onto newer HTML5 friendly tech's. Adobe killed support for flash on android and it was never supported on iOS. Since mobile is taking over it only helps to speed up the transition away from flash.

    The average woman would rather have beauty than brains, because the average man can see better than he can think.
    --quote by unknown

    27.1.2014 21:13 #5

© 2024 AfterDawn Oy

Hosted by
Powered by UpCloud