Android and Java are Still Highly Exploited

Cisco security report finds that 76 percent of corporations studied are still running the vulnerable and unsupported Java 6.

Beware, Java and Android developers -- including those who use cross-platform development: your code is at great risk.

Java flaws made up 91 percent of all Web-based attacks last year, according to the recently released Cisco Annual Security Report.

More troubling is that with the overwhelming majority of Web-based attacks targeting Java, 76 percent of the corporations studied for the network firm's report are still running the vulnerable and unsupported Java 6.

The report pointed out that since 89 percent of all PCs in the U.S. have Java installed, it remains "high on the list of favored tools for criminals."

"Java provides an attack surface that is too big for criminals to ignore," read the report. "They tend to build solutions that run exploits in order—for instance, they first attempt to breach a network or steal data using the easiest or best-known vulnerability before moving on to other methods."

While Java will continue to be a low-risk, high-reward target for attackers in 2014, Cisco recommends users and network admins take steps to drastically lower the chance of attacks, including:

  • Disable Java on a network-wide level when it's not needed.
  • Deploy tools that specifically monitor all Java-related Web traffic on a network.
  • Keep all Java versions and antimalware software up to date.

Android Malware Continues To Explode
On the mobile front, attacks aimed at Android-based devices accounted for 71 percent of all Web-based attacks, and 99 percent of all mobile malware created last year was intended for Google's mobile platform.

The Andr/Qdplugin-A mobile malware was the tool most used by attackers (43.8 percent of Android attacks), and its delivery occurred when legitimate apps hiding the malware were downloaded from unofficial app distributors.

Cisco says the widespread appeal of BYOD, coupled with a lax security plan for employee personal devices, has contributed to the rise in Android malware popularity.

"Instituting a formal program for managing mobile devices to help ensure that any device is secure before it can access the network is one solution to improve security for the enterprise," read the report.

Spam Falls Sharply
While malware continued to trend up, Cisco found that global spam volume took a nosedive in 2013. In January the global spam volume was at 80 billion per day and by December that figure had dropped to closer to 30 billion per day.

Even though spam volume has constantly decreased over the past few years, the major spam trend Cisco identified for the year was the large increase in spam activity after the Boston Marathon bombing.

Thanks to attackers using the news event to craft spam relating to the incident, spam volume numbers ballooned to more than 150 billion messages per day in the days after the April 15 bombing. At its height, 40 percent of all spam being sent out related to the Boston Marathon attack. However, spam volume resumed its overall downward trend in late May.

While Cisco points to the overall decrease in spam as one positive takeaway from the 2013 study, malicious spam numbers stayed constant.

About the Author

Chris Paoli is the site producer for and
