New Java and flash research shows dangerous update gap

Harmeet
New Update

USA: We are continuing our Java security research series by analyzing other plug-ins, browser extensions and rich internet applications that are commonly exploited.


Our previous research indicated that the current state of Java affairs isn't pretty. At that time, 93 percent of enterprises were vulnerable to known Java exploits. Nearly 50 percent of enterprise traffic used a Java version that was more than two years out of date. Through Websense ThreatSeeker Intelligence Cloud analysis we now discover:

* Only 19 percent of enterprise Windows-based computers ran the latest version of Java (7u25) between August 1-29, 2013.
* More than 40 percent of enterprise Java requests are from browsers still using outdated Java 6. As a result, more than 80 percent of Java requests are susceptible to two popular new Java exploits: CVE-2013-2473 and CVE-2013-2463.
* 83.86 percent of enterprise browsers have Java enabled.
* Nearly 40 percent of users are not running the most up-to-date versions of Flash.
* In fact, nearly 25 percent of Flash installations are more than six months old, close to 20 percent are outdated by a year and nearly 11 percent are two years old.

Our in-depth analysis ran for one month, across multiple verticals and industries. We surveyed millions of real-world web requests for Java usage through our global Websense ThreatSeeker Intelligence Cloud.
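The survey above is, in effect, a count of Java versions observed in outbound web requests. The following script is an added example (not Websense's code or methodology) that reproduces that measurement over a few constructed proxy log lines: it pulls the runtime version out of the User-Agent token the Java HTTP client sends (assumed here to follow the `Java/1.<major>.0_<update>` pattern, e.g. `Java/1.7.0_25`), buckets each request as latest (7u25), outdated Java 7, or Java 6 and older, and reports the share of Java requests that are not on the current release. The log format and IP addresses are constructed for the example.

```python
import re
from collections import Counter

# Constructed sample proxy log lines (not real traffic): client IP, method, URL, User-Agent.
SAMPLE_LOG = """\
10.0.0.11 GET http://intranet.example/app.jar "Mozilla/4.0 (Windows 7 6.1) Java/1.7.0_25"
10.0.0.12 GET http://intranet.example/app.jar "Mozilla/4.0 (Windows 7 6.1) Java/1.6.0_45"
10.0.0.13 GET http://intranet.example/app.jar "Mozilla/4.0 (Windows XP 5.1) Java/1.6.0_20"
10.0.0.14 GET http://intranet.example/app.jar "Mozilla/4.0 (Windows 7 6.1) Java/1.7.0_17"
10.0.0.15 GET http://www.example/ "Mozilla/5.0 (Windows NT 6.1; WOW64) Firefox/23.0"
10.0.0.16 GET http://intranet.example/app.jar "Mozilla/4.0 (Windows 7 6.1) Java/1.7.0_25"
"""

# Current release during the August 2013 survey window: Java 7 update 25.
LATEST = (7, 25)

# Assumed User-Agent token format: Java/1.<major>.<minor>_<update>; the update part may be absent.
JAVA_UA = re.compile(r'Java/1\.(\d+)\.\d+(?:_(\d+))?')


def parse_java_version(user_agent):
    """Return (major, update) from a Java User-Agent token, or None if the request is not from Java."""
    m = JAVA_UA.search(user_agent)
    if not m:
        return None
    return (int(m.group(1)), int(m.group(2) or 0))


def classify(version):
    """Bucket a (major, update) pair the way the survey reports it."""
    major, update = version
    if (major, update) >= LATEST:
        return "latest"
    if major == 7:
        return "outdated Java 7"
    return "Java 6 or older"


def summarize(log_text):
    """Count Java requests per bucket; returns {bucket: (count, percent of Java requests)}."""
    counts = Counter()
    for line in log_text.splitlines():
        version = parse_java_version(line)
        if version is None:
            continue  # non-Java request: not part of the Java-usage denominator
        counts[classify(version)] += 1
    total = sum(counts.values())
    return {bucket: (n, round(100.0 * n / total, 1)) for bucket, n in counts.items()}


def outdated_share(log_text):
    """Percent of Java requests not on the current release, i.e. exposed to fixes they lack."""
    summary = summarize(log_text)
    total = sum(n for n, _ in summary.values())
    latest = summary.get("latest", (0, 0.0))[0]
    return round(100.0 * (total - latest) / total, 1)


if __name__ == "__main__":
    for bucket, (n, pct) in sorted(summarize(SAMPLE_LOG).items()):
        print(f"{bucket:18s} {n:3d} requests  {pct:5.1f}%")
    print(f"not on latest release: {outdated_share(SAMPLE_LOG)}%")
```

On the constructed lines, two of five Java requests are on 7u25, one is an older Java 7, and two are Java 6, so 60 percent of Java traffic is outdated. Run against real proxy or web-gateway logs, the same bucketing gives an organization its own version of the 19 percent figure, and the per-client-IP view shows which hosts still need the update.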

New Java exploits and the Neutrino Exploit kit
New Java exploits CVE-2013-2473 and CVE-2013-2463 are already making a big impact by targeting computers running outdated versions of Java. It's clear the cybercriminals know there is a Java update problem for many organizations.

For example, Websense ThreatSeeker Intelligence Cloud noticed an uptick in new hosts running the Neutrino exploit kit in the first and second weeks of August 2013. This could be attributed to Neutrino's addition of Java-based code execution exploits including CVE-2013-2463, which is based on AWT/2D vulnerabilities and affects all Java 6 users (tip of the hat to F-Secure). Typically associated with ransomware payloads, Neutrino is best known for its easy-to-use control panel and features that evade AV and IPS systems.

Forty percent of Java 6 users are vulnerable to these new exploits and there are no software patches in sight. Effective exploit kit delivery mechanisms, such as Neutrino, and unpatched vulnerabilities targeting Java 6 create a significant challenge for organizations that have not updated to Java 7.


On the positive side, our updated numbers show that enterprise IT is pushing out more Java updates. Earlier this year, 70 percent of Java requests came from Java 6 users. That figure has decreased to 40 percent.

Carl Leonard, Senior Security Research Manager, EMEA, at IT security firm Websense, said: "Recent high profile attacks have again firmly established the trend that Java should be viewed as a security risk. Java has become a primary gateway for hackers to enter today's businesses and its vulnerabilities are being commoditised in the latest exploit kits.

"Research using our Websense ThreatSeeker Intelligence Cloud indicates that successful Java exploits are on the rise with computers running outdated versions of Java. We found that only 19 percent of enterprise Windows-based computers ran the latest version of Java. It is clear the cybercriminals know there is a Java update challenge for many organisations and thus they focus on exploits targeting both new and older versions of the technology.

"Enterprise companies in particular must be proactive in dealing with the threat as patch management (and most security controls) are struggling to help the majority of today's businesses. Without real-time inline security protection, business-critical applications will continue to remain vulnerable to these exploits."
