Java Used Consistently In Attacks
Java was the favorite of most attackers, the firm said, adding that over three-quarters of companies that run Java are using Java 6, an end-of-life, unsupported version. "In most cases, Java is the exploit that criminals choose first, since it delivers the best return on investment," Cisco said.
Malicious Flash or Adobe PDF documents also are frequently used by cybercriminals. The goal is to compromise enterprise desktops as a foothold, then move laterally within an organization until sensitive data is accessed.