5 Factors Fueling Wave Of Java Attacks10:00 AM EST Tue. Apr. 02, 2013
Attackers are increasingly targeting Web applications, and the latest analysis conducted by San Diego-based Websense Inc. found Java to be a particular target. The security firm added Java version detection to its classification engine and applied the data to its ThreatSeeker network to find out which versions of Java are being actively used on tens of millions of endpoints. The firm found a vast majority of outdated Java plugins, including some that were more than two-years old.
Here's a look at some of the contributing factors behind the onslaught of Java attacks.
Websense said most browsers are still vulnerable to Java-based attacks because they haven't been updated with the latest patches. The firm said only 5.5 percent of Java-enabled browsers are running the latest Java plugins. Many of the Java components used in the browsers were more than six months old and vulnerable to more widespread attacks, Websense said.
Java is a widely deployed and flexible programming language that enables developers to add features and functionality to applications. The flexibility breeds complexity, according to security experts. Complexity often leads to numerous vulnerabilities, said Tim van der Horst, senior malware researcher for Blue Coat Systems, Inc. While experts say many users can uninstall Java, the problem is more complicated in the enterprise, where businesses often use Java applications.
The largest single exploited Java vulnerability is the most recent one, Websense said. The firm found 93.7 percent of browsers vulnerable to the exploit. FireEye detected the Java flaw which was being used to spread a remote access Trojan onto victim's computers.
Four of six known exploits targeting Java vulnerabilities are incorporated into the Cool Exploit Kit. Cool is a relatively new automated attack toolkit, which researchers said was being rented for $10,000 a month on hacker forums. Experts at Blue Coat said the Cool Exploit Kit is growing at a faster pace than Blackhole.
The Blackhole automated attack toolkit, known for its popularity, is behind most of the attacks. The toolkit contains exploits targeting several older Java vulnerabilities. Black Hole has a large number of servers and is the engine behind many financially motivated cyberattacks.