An increasing number of hackers are using Java-based attacks to spread malware, leaving enterprises vulnerable when outdated versions remain installed.
“We see a substantial number of detections for Java-based exploits and that was over the past three months,” Alex Dubrovsky, director of software engineering & threat research at Dell SonicWALL, said during a presentation last month. “The largest number of exploit attempts is by far happening in the United States.”
Other highly targeted countries include Canada, France, Germany, Korea, India and the United Kingdom, Dubrovsky said. Cybercrooks are using Java-based attacks to install fake antivirus software to wreak havoc or even to seize control over entire machines. More than 3 billion devices run Java, he said.
How Java-based attacks work
Dubrovsky dedicated a large portion of his latest threat-research presentation to Java-based attacks, breaking down step by step how they work and hide within the HTML coding of seemingly innocuous websites. Here’s how the infections work:
- A user visits a malicious webpage.
- The applet downloads a malicious executable, which releases the infection.
Launching a Java-based attack is apparently fairly easy and relatively inexpensive. Within the digital attack space, crime-ware kits — which can be purchased for as little as $200 — often come supplied with Java-based exploits, the ZDNet Zero Day blog reported in March.
Spammers spread infection
To trick people into visiting a malicious webpage, cybercriminals often exploit insatiable appetites for breaking news by sending links in an email message with enticing headlines in the subject line.
Security experts told SecurityWatch in April about spammers circulating malicious emails masquerading as news updates about the Boston Marathon bombing less than 24 hours after the attack. Email isn’t the only attack vector, as German security specialist Avira also found posts on Facebook with links to various websites that appeared malicious.
“This social engineering technique is not new. We see this every time there is something happening in the world (war, natural catastrophe, social events) that is potentially interesting for a lot of people,” Sorin Mustaca, IT security expert at Avira, told SecurityWatch.
Security tips for enterprises
The prevalence of Java-based attacks speaks to the importance of running the most updated version and uninstalling older versions. A recent report by security firm Bit9 found that 82 percent of enterprises are running the most vulnerable version of Java, version 6, on PCs and servers, and that the average enterprise is running 50 different versions.
Bit9 urges enterprises to evaluate whether Java is necessary and, if they choose to remove it, to conduct a software audit to confirm eradication. Administrators should also regularly look for unexpected installations of Java.
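
One way to run the kind of audit described above, as an added example that is not code from Bit9 or Dell SonicWALL: the script walks a directory tree, treats any directory containing bin/java or bin/java.exe as a Java install, and reads the version from that install's release file without executing anything. The function names are illustrative, and the assumptions are that the version is recorded as JAVA_VERSION in a release file (installs without one are listed as unknown) and that Java 6 or older and unidentified installs are the ones to review.

```python
import os
import re

def parse_major(version):
    # '1.6.0_45' -> 6 (legacy 1.x numbering), '11.0.2' -> 11, None if unparseable.
    parts = re.findall(r"\d+", version or "")
    if not parts:
        return None
    if parts[0] == "1" and len(parts) > 1:
        return int(parts[1])
    return int(parts[0])

def read_version(home):
    # Assumption: the install records its version as JAVA_VERSION in <home>/release.
    try:
        with open(os.path.join(home, "release"), encoding="utf-8", errors="replace") as fh:
            for line in fh:
                m = re.match(r'\s*JAVA_VERSION\s*=\s*"?([^"\r\n]+)"?', line)
                if m:
                    return m.group(1).strip()
    except OSError:
        pass  # no release file: still report the install, version unknown
    return None

def audit_java(root):
    # One record per Java home, i.e. the parent of a bin/ directory holding java[.exe].
    found = []
    for dirpath, _dirnames, filenames in os.walk(root):
        names = {f.lower() for f in filenames}
        if os.path.basename(dirpath).lower() == "bin" and names & {"java", "java.exe"}:
            home = os.path.dirname(dirpath)
            version = read_version(home)
            found.append({"home": home, "version": version, "major": parse_major(version)})
    return sorted(found, key=lambda r: r["home"])

def summarize(records):
    # Distinct versions in use, plus homes to review: Java 6 or older, or unidentified.
    versions = {r["version"] for r in records if r["version"]}
    review = [r["home"] for r in records if r["major"] is None or r["major"] <= 6]
    return {"installs": len(records), "distinct_versions": len(versions), "review": review}

if __name__ == "__main__":
    import sys
    recs = audit_java(sys.argv[1] if len(sys.argv) > 1 else os.getcwd())
    for r in recs:
        print(r["home"], r["version"] or "unknown")
    print(summarize(recs))
```

Run it on a schedule against application and program directories and compare the output with the previous run; a home that appears between runs is an unexpected installation, and an empty result after removal confirms eradication for the paths scanned.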