Connect with us

Hi, what are you looking for?

HEADLINES

Study reveals surge in Java exploit attacks to 14.1 million in a year

The number of attacks using Java exploits from September 2012 to August 2013 amounted to 14.1 million – one third more than in the same period in 2011-2012,

The number of attacks using Java exploits from September 2012 to August 2013 amounted to 14.1 million – one third more than in the same period in 2011-2012, according to the Kaspersky Lab study, “Java Under Attack – The Evolution of Exploits in 2012-2013.”

Exploits are malicious programs designed to take advantage of vulnerabilities in legitimate software and penetrate users’ computers. The fact that they function surreptitiously makes them all the more dangerous.

If a computer is running vulnerable versions of any software, simply visiting an infected web page or opening a file containing malicious code is enough to trigger an exploit. Traditionally, the most frequent targets for attacks have been Oracle Java, Adobe Flash Player, and Adobe Reader. However, the Kaspersky Lab study revealed that in the past year Java is increasingly becoming the prime target for cybercriminals.

The study was based on data gathered from users of Kaspersky products around the world who consented to provide information to Kaspersky Security Network.

Advertisement. Scroll to continue reading.

Of the 14.1 million attacks detected using Java exploits, most happened in the second half of the study period – over 8.54 million attacks were registered from March to August 2013, up 52.7% on the previous six months.

The study also found that over a 12-month period, Kaspersky Lab’s products protected more than 3.75 million users across the globe from Java exploit attacks.

Approximately 80% of attacked users live in 10 countries; the Top 3 includes the USA, Russia and Germany.

Canada, the USA, Germany and Brazil experienced the fastest growth in the number of attacks. Approximately 50% of all attacks were launched using just six families of Java exploits.

For home users, installing newly released updates is rarely a high priority – which plays into the cybercriminals’ hands. According to the research, most users keep working with a vulnerable version of Java for six weeks after an update is released.

Advertisement. Scroll to continue reading.

Over a one-year period, each user faced an average of 3.72 attacks. Over the period from September 2012 – February 2013, the average exposure was 3.29 attacks per individual user; in March – August 2013, it 4.15 was attacks per user. In the space of six months exposure rates rose by 26.1%.

The study also revealed that 1,210,000 unique attack sources were identified in 95 countries.

The large number of attacks launched using Java exploits is little surprise: over the 12 months of Kaspersky Lab’s research, 161 vulnerabilities were identified in Java.

In comparison, over the period of September 2011 to August 2012, information about 51 vulnerabilities was published. Six of the newly detected vulnerabilities were rated as critical, or very dangerous; these six were most actively used in attacks by cybercriminals.

“Java is a victim of its own popularity,” said Vyacheslav Zakorzhevsky, Head of the Vulnerability Research Group at Kaspersky Lab.

Advertisement. Scroll to continue reading.

“Cyber criminals know they are better off focusing their efforts on finding a vulnerability in Java and then attacking millions of computers at one stroke, rather than creating multiple exploits for several less popular products and still finding that they are affecting fewer computers,” he added.

To protect themselves against the potential costs of a malicious attack launched using Java exploits, Kaspersky Lab’s experts advise both home and corporate users to install Java updates promptly as well as choosing security solutions that can reliably block exploit-based cyber-attacks.

Advertisement
Advertisement
Advertisement

Like Us On Facebook

You May Also Like

APPS

Today, the App Store stands at the forefront of app distribution, setting the standard for security, reliability, and user experience.

HEADLINES

Kaspersky has detected and blocked over 13 million web threats from its security solutions for businesses in Southeast Asia (SEA). Historical data from the...

HEADLINES

Kaspersky has been at the forefront of raising awareness about cybercrimes and empowering individuals and organizations to protect themselves.

HEADLINES

“We remind our customers to carefully inspect URLs before opening them. Criminals often use spellings very close to legitimate domains to deceive customers into...

HEADLINES

For the Philippines, PH-CERT and NADPOP estimate that the country needs 180,000 trained and validated cybersecurity professionals to proactively and effectively protect the country’s...

White Papers

46% of geo-distributed companies encountered network problems between one and three times per month, while 13% stated they experienced network challenges every week. The...

HEADLINES

“Data is the new oil. Cyber criminals steal personal information to defraud you or use your identity to victimize people close to you. Guard...

White Papers

According to the report, among organizations surveyed, 97% of those hit by ransomware over the past year engaged with law enforcement and/or official government...

Advertisement