The number of attacks using Java exploits from September 2012 to August 2013 amounted to 14.1 million - a third more than in the same period in 2011/12.
This was a finding of a Kaspersky Lab study, 'Java under attack - the evolution of exploits in 2012-2013'. It also revealed that the majority of these attacks happened in the second half of the study period, with more than 8.54 million attacks registered from March to August 2013, up 52.7% on the previous six months.
The study was based on data gathered from users of Kaspersky products around the world, who consented to provide information to the Kaspersky Security Network. It describes exploits as pieces of software that take advantage of a bug, glitch or vulnerability in order to penetrate a victim's computer.
They operate in a clandestine manner, making them even more dangerous, says Kaspersky. PCs running outdated or vulnerable versions of any software can get infected merely by visiting an infected Web page or opening a file containing malware.
According to Kaspersky's research, the large number of attacks employing Java exploits is unsurprising. During the 12 months of research, 161 vulnerabilities were identified in Java. "In comparison, over the period of September 2011 to August 2012, information about 51 vulnerabilities was published. Six of the newly detected vulnerabilities were rated as critical, or very dangerous; these six were most actively used in attacks by cyber criminals."
Vyacheslav Zakorzhevsky, head of the Vulnerability Research Group at Kaspersky Lab, says Java is a victim of its own popularity. He explains that cyber crooks are aware they are better off focusing on finding a vulnerability in Java, and using it to attack millions of PCs in one go, as opposed to creating multiple exploits for several less-popular products, and infecting fewer machines.
In the past, Oracle, Java, Adobe Flash Player and Adobe Reader were the main targets; however, the study highlights that, over the past year, Java has risen up the ranks and now tops the list.
The report also revealed that about 80% of attacked users live in 10 countries, with the US, Russia and Germany in the top three. "Canada, USA, Germany and Brazil experienced the fastest growth in the number of attacks," says Kaspersky Lab.
The study showed that, over the course of the year, each user surveyed faced an average of 3.72 attacks. "Over the period from September 2012 to February 2013, the average exposure was 3.29 attacks per individual user, and in March to August 2013, it grew to 4.15 attacks per user."