Java flaws increasingly targeted by attackers, researchers say
Web exploit toolkit developers are focusing on Java exploits
IDG News Service - Java vulnerabilities are increasingly exploited by attackers to infect computers, and the problem could become worse if Oracle doesn't do more to secure the product and keep its installation base up to date, according to security researchers who will talk about Java-based attacks at the Black Hat USA 2012 security conference.
A large number of computers get infected today through drive-by-download attacks performed with the help of Web exploit toolkits -- malicious Web applications designed to exploit vulnerabilities in widespread browser plug-ins like Flash Player, Adobe Reader or Java.
Java was acquired by Oracle as part of its 2010 acquisition of Sun Microsystems.
A couple of years ago the most targeted browser plug-ins were Flash Player and Adobe Reader, but many of today's Web exploit toolkits rely heavily on Java exploits, said Jason Jones, a security researcher with HP DVLabs, Hewlett-Packard's vulnerability research division.
Jones has monitored the development of some of the most commonly used Web exploit toolkits, like Blackhole or Phoenix, and will present his findings at Black Hat on Thursday.
One clear trend is that Web exploit toolkit developers are increasingly focusing on Java exploits, Jones said. They are also integrating exploits for new Java vulnerabilities at a much faster pace than before.
In some cases attackers reuse exploit code that gets published online by security researchers after Oracle patches the vulnerabilities. However, they modify it and apply different obfuscation techniques to it in order to evade detection by security products.
"Overall we have seen the amount of Java malware increasing over time, based on our telemetry," Jeong Wook Oh, a researcher with Microsoft Malware Protection Center, said via email. Oh is scheduled to talk about recent Java exploitation trends and malware at Black Hat on Thursday.
Cybercriminals are attracted to Java exploits because they can have very high success rates. For example, one particular exploit integrated into Blackhole in 2011 had an over 80 percent success rate, Jones said.
This is because users are not deploying the available security updates in a timely fashion, which is going to be an even greater problem now that attackers are targeting new Java vulnerabilities faster.
Adobe dealt with similarly low patch adoption rates for Flash Player and Adobe Reader by improving the update mechanisms for those products and even implementing automatic updates for Flash Player.
Those changes had a direct impact on the overall frequency of attacks targeting the two products and so did other in-depth security measures taken by the company, like the introduction of a security development cycle (SDL) -- a series of code security reviews and development practices that aim to reduce the number of vulnerabilities -- or the implementation of sandboxing technologies, said Carsten Eiram, the chief security specialist at vulnerability management firm Secunia.
- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- The Threat Landscape Hardly a day goes by without the discovery of a new cyberthreat somewhere in the world! But how do you keep up with...
- Security for Virtualization In the rush to implement virtualization, security has become second. So while the business benefits are clear, the risks are less well documented...
- Is Your Big Data Solution Production-Ready? Read "Is Your Big Data Solution Production-Ready?" now, and discover best practices and actionable steps to implementing a production-ready big data solution.
- Pay-as-you-Grow Data Protection: IBM Tivoli's Full-featured Data Protection Suite for Small to Medium Businesses IBM Tivoli Storage Manager Suite for Unified Recovery gives small and medium businesses the opportunity to start out with only the individual solutions...
- Webinar: Building a Big Data solution that's production-ready Big data solutions are no longer just a nice-to-have.
- Meg Whitman presents Unlocking IT with Big Data During this Web Event you will hear Meg Whitman, President and CEO, HP discuss HAVEn - the #1 Big Data platform, as well... All Malware and Vulnerabilities White Papers | Webcasts