A new study by researchers with Kaspersky Lab found that the number of attacks on their customers exploiting Java reached more than 14 million between September 2012 and August 2013.
The situation may be exacerbated by many users not keeping up to date with patches. According to Kaspersky Lab, of the 161 vulnerabilities detected in various versions of Java during the life of the study, most were in versions 1.5, 1.6 and 1.7, which are the most prevalent versions of the software.
“Remarkably, SE 6 U37 — released back in October 2012 — was the most recent version of Java 1.6 in the Top 10 most commonly used versions,” according to the report. “The conclusions are obvious: one and a half months after the release of the latest version of Java, most users are still working with vulnerable versions.”
Java security has had a rough year from both a security and a public relations standpoint. The presence of high-profile vulnerabilities and activity by attackers arming exploit kits with attack code prompted Oracle in January to pledge security improvements and additional outreach to educate the Java user community.
According to Kaspersky, the increase in attacks represents more than 33 percent increase since September 2011 and August 2012. Fifty percent of all the attacks were launched using just six families of Java exploits.
Most of the attacks (80 percent) between occurred in 10 countries, with the top three being the United States, Russia and Germany.
A slight uptick in attacks was detected between March and August, when 8.54 million of the attacks were observed. During that period, 31.14 percent of the attacks were traced to servers hosted in the United States. Roughly 18 percent of the attacks were found to have originated in Russia.
“Oracle has patched all critical vulnerabilities, and information about these patches was disclosed during the period addressed in this report,” Kaspersky’s report noted. “In some cases, just a couple of days passed before a patch was released. All the same, the number of attacks and the number of users subjected to these attacks continued to rise.”
More from Brian Prince
- U.S. Healthcare Companies Hardest Hit by ‘Stegoloader’ Malware
- CryptoWall Ransomware Cost Victims More Than $18 Million Since April 2014: FBI
- New Adobe Flash Player Flaw Shares Similarities With Previous Vulnerability: Trend Micro
- Visibility Challenges Industrial Control System Security: Survey
- Adobe Flash Player Zero-Day Exploited in Attack Campaign
- Researchers Demonstrate Stealing Encryption Keys Via Radio
- Researchers Uncover Critical RubyGems Vulnerabilities
- NSA, GCHQ Linked to Efforts to Compromise Antivirus Vendors: Report
Latest News
- F5 Working on Patch for BIG-IP Flaw That Can Lead to DoS, Code Execution
- Flaw in Cisco Industrial Appliances Allows Malicious Code to Persist Across Reboots
- UK Car Retailer Arnold Clark Hit by Ransomware
- Dealing With the Carcinization of Security
- HeadCrab Botnet Ensnares 1,200 Redis Servers for Cryptomining
- Cyber Insights 2023 | Supply Chain Security
- Cyber Insights 2023: Regulations
- Cyber Insights 2023: Ransomware
