AfterDawn: Tech news

Cisco: Java exploits behind 90 percent of security attacks

Written by Andre Yoskowitz @ 20 Jan 2014 7:56

Cisco, in its 2014 Annual Security Report, blames Java for being far and away the leading cause of security exploits. In fact, "Java represented 91 percent of all Indicators of Compromise (IOCs) in 2013," says the report. This means Java exploits were the "final payload observed" in a huge majority of all attacks throughout the year.

"I was surprised to see that the Java IOC number was 91 percent," Levi Gundert, technical lead, Cisco Threat Research, Analysis, and Communications, added. "There were a number of Java zero days that were used in various attacks, but there were also a ton of well-known Java vulnerabilities that were packaged into various exploit packs."

Oracle, which runs Java after its acquisition of Sun Microsystems, has had to update the software constantly, including an update for 51 vulnerabilities just this week.

In the report, Cisco notes that Java exploits tend to work well for attackers because people do not patch their Java as regularly as they should. This is likely true since Java sometimes needs updates weekly. Exploits are also successful since Java is easily portable and works on nearly all operating systems. Business customers cannot always patch as quickly as necessary, either, as patches could break functionality.

Additionally, the report notes that 99 percent of all mobile malware in 2013 targeted Android devices, unsurprisingly given its huge market share and open-source nature.

Read the full report here.


5 user comments

Comment 1 (21.1.2014 12:30)

Not surprised! I have been a network engineer for 15 years and have always HATED Java. It's malicious by nature and should not be on ANYBODY'S COMPUTER unless you have to have it like when schools seem to constantly use that garbage program.

People ask me all the time "How do these bad things get in my computer?"

I answer them that blind computing and Java are the only reasons. Java is activated automatically every time someone clicks on any link. It drives the web and causes malware/spyware to infect PCs simply by surfing the web.

Simple as that. DO NOT INSTALL JAVA RUNTIME!!! DO NOT USE IE!
DO NOT HAVE YOUR BROWSER REMEMBER PASSWORDS AND FORMS

3 simple rules. How hard is that huh???

Comment 2 (25.1.2014 12:45)

Then what is the alternative (pertaining to Java)? Because some of the websites I regularly visit require Java. I am actually not too fond of Java because it slows down Internet Explorer but I need the damn thing... What to do??

Comment 3 (25.1.2014 15:45)

Don't mistake Java for JavaScript. Is it in fact Java that these websites require, or JavaScript? I always thought IE used ActiveX, not Java. See if you can install the JavaScript plugin for IE. Not sure, as I haven't used IE in years and probably never will again.

Comment 4 (25.1.2014 16:05)

Years ago everything ran on Java; nowadays most run on Flash anyway. I don't see why heaps still use Java.




Comment 5 (27.1.2014 21:13)

Originally posted by xboxdvl2:
Years ago everything ran on Java; nowadays most run on Flash anyway. I don't see why heaps still use Java.


I would argue the exact opposite. While it's true that a large set of online plugins or games were developed in Java a long time ago, it never really stopped being an important component to have installed on a PC. Android programs are almost exclusively written in Java, and many Windows or cross-platform applications are also written in Java (just not usually obviously, because their UI uses non-standard Java libraries).

Flash is a dead technology, and the only reason people are still using it or developing with it is because they don't realize it's dead. Even Adobe (the current owners of Flash technology) have been telling people to move away from Flash and onto newer HTML5-friendly techs. Adobe killed support for Flash on Android and it was never supported on iOS. Since mobile is taking over, it only helps to speed up the transition away from Flash.