Friday, January 17, 2014

91 Per Cent Exploits In 2013 Were Courtesy Java

Cisco's 2014 Annual Security Report has found that Java represented 91 per cent of all Indicators of Compromise (IOCs) in 2013, cementing the fact that no one technology was more abused or more culpable than Java. Levi Gundert, technical lead, Cisco Threat Research, Analysis, and Communications (TRAC), revealed that there are many different risks and attacks that IT professionals had to deal with in 2013, and the final payload in observed attacks was a Java exploit. The Sourcefire Vulnerability Research Team (VRT), which became part of Cisco in 2013 with the $2.7 billion acquisition of Sourcefire, presented data for the report.






Java exploits tend to have great success because people do not patch Java on a regular basis, it was noted. The fact that it is portable and works on any operating system also makes it a juicier target for malicious activities. Furthermore, with a large Java application there is always the potential that a patch could break functionality within the application.

However, patching is not a standalone solution. An attack can always occur before any patch is available. Cisco's suggestions for countering exploits include some form of behavior detection that monitors a user's chain of events before they land on an exploit. Most legitimate websites will not use hidden or obfuscated JavaScript, and few will redirect users without authorization.

The report also reveals that the overall number of threats rose by 14 per cent on a year-over-year basis. Among a sample of 30 large, multinational company networks taken by Cisco, 100 per cent of them at some point in 2013 visited a website that hosts malware.
