Java the preferred point of entry for online criminals

It used to be Adobe and maliciously crafted Word, Excel, and PowerPoint documents, but Java now takes the cake compared to those methods, according to Cisco.

Online criminals and scammers are having much more luck breaking into others' computers with Java rather than the usual desktop application exploits, according to findings from Cisco's 2014 Annual Security Report.

According to Cisco's network security subsidiary Sourcefire, which it acquired in July last year, Java is the key culprit in web exploits 91 percent of the time.

However, Sourcefire has restricted its range of web exploits to Java; Microsoft Word, Excel, and PowerPoint; and Adobe Reader.

Cisco's own Threat Research Analysis and Communications/Security Intelligence Operations (TRAC/SIO) group, rather than Sourcefire, presents a different picture within the same report.

TRAC/SIO found that Java malware encounters peaked at just 14 percent in April, compared to "all web malware".

Nevertheless, a large percentage of businesses are leaving themselves at risk. Looking into the companies running its web security services offering, Cisco said that 76 percent of these organisations are running Java 6, which is no longer supported by Oracle.

Both Cisco's and Sourcefire's findings point to an increased focus on Java rather than Adobe. In 2011, M86 Security Labs' ranking of exploits saw Java receive two mentions on its top 15 list. The top places were occupied by Microsoft Internet Explorer and Office, as well as a large number of Adobe Reader and Acrobat vulnerabilities.

There have been a huge number of flaws in Java that have required Oracle to act, but the focus on Java is corroborated by the findings of AV-Test. This month, the organisation revealed that between 2000 and now, Java has contributed the most to breaches.
