JAVA IN FIRST PLACE FOR WEB EXPLOITS
The ubiquity of Java keeps it high on the list of favored tools for criminals, which makes Java compromises by far the most malicious “chain of events” activity in 2013. As Java’s “About” webpage explains, 97 percent of enterprise desktops run Java, as do 89 percent of desktop computers overall in the United States. Java provides an attack surface that is too big for criminals to ignore. They tend to build solutions that run exploits in order—for instance, they first attempt to breach a network or steal data using the easiest or best-known vulnerability before moving on to other methods. In most cases, Java is the exploit that criminals choose first, since it delivers the best return on investment.
Addressing the Java Problem:
Although Java-based exploits are commonplace, and vulnerabilities are difficult to eliminate, there are methods for reducing their impact:
- Where practical, disabling Java in browsers network-wide can prevent these exploits from being launched.
- Telemetry tools built into many security solutions can monitor Java-associated traffic, giving security professionals a better understanding of the sources of threats.
- Comprehensive patch management can close many security holes.
- Endpoint monitoring and analysis tools that continue to track and analyze files after they enter the network can retrospectively detect and stop threats that pass through as safe but later exhibit malicious behavior.
- A prioritized list of potentially compromised devices can be generated by using IoCs to correlate malware intelligence (even seemingly benign events) and to identify a zero-day infection without existing antivirus signatures.
Upgrading to the latest version of Java will also help sidestep vulnerabilities. Using a version of the Java 7 Runtime Environment, the most current version of the program, is strongly recommended. This is good from a security standpoint, since this version is likely to offer greater protection against vulnerabilities.
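One way to act on the telemetry and patch-management points above, as an added example that is not from the original article: it scans web-proxy log lines for Java-associated traffic and ranks client hosts, putting those that announce an outdated JRE first. The log layout, the sample lines, the scoring weights and the baseline version are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Assumption: the patched JRE baseline for your organisation (major, minor, patch, update).
BASELINE = (1, 7, 0, 51)
JAVA_TYPES = {"application/java-archive", "application/x-java-archive",
              "application/x-java-applet", "application/java-vm"}
# Assumed log layout: client_ip "user-agent" content-type url
LINE_RE = re.compile(r'^(\S+) "([^"]*)" (\S+) (\S+)$')
UA_RE = re.compile(r'Java/(\d+)\.(\d+)\.(\d+)(?:_(\d+))?')

# Constructed sample data, not taken from any real network.
SAMPLE_LOG = """\
10.0.0.5 "Java/1.6.0_31" application/java-archive http://example.test/a.jar
10.0.0.5 "Java/1.6.0_31" application/x-java-applet http://example.test/b.class
10.0.0.7 "Java/1.7.0_51" application/java-archive http://intranet.test/app.jar
10.0.0.9 "Mozilla/5.0" text/html http://example.test/
10.0.0.8 "Mozilla/4.0 (Windows 7 6.1) Java/1.7.0_09" application/octet-stream http://example.test/x
"""

def jre_version(user_agent):
    """Return the JRE version tuple announced in a User-Agent, or None."""
    m = UA_RE.search(user_agent)
    return tuple(int(g or 0) for g in m.groups()) if m else None

def prioritize(log_text, baseline=BASELINE):
    """Rank hosts: 5 points per outdated JRE seen, 1 per Java content fetch."""
    hosts = defaultdict(lambda: {"versions": set(), "fetches": 0})
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip malformed lines instead of failing the whole run
        ip, ua, ctype, _url = m.groups()
        ver = jre_version(ua)
        is_java_type = ctype.lower() in JAVA_TYPES
        if ver is None and not is_java_type:
            continue  # not Java-associated traffic
        if ver:
            hosts[ip]["versions"].add(ver)
        hosts[ip]["fetches"] += is_java_type
    ranked = []
    for ip, h in hosts.items():
        outdated = sorted(v for v in h["versions"] if v < baseline)
        ranked.append((5 * len(outdated) + h["fetches"], ip, outdated))
    return sorted(ranked, key=lambda r: (-r[0], r[1]))

if __name__ == "__main__":
    for score, ip, outdated in prioritize(SAMPLE_LOG):
        print(score, ip, outdated)
```

Hosts at the top of the ranking are the first candidates for patching or for disabling the browser plug-in.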
Regardless of the timeframe in which you apply such a solution to the Java problem, it is even more important to have your network perimeter tested inside and out twice a year by an expert network security practitioner such as The Saturn Partners (www.saturnpartners.com). SPI will fully test and assess your ongoing readiness to conduct your business with the knowledge that best-of-breed security practices are in place to help safeguard your network environment on an ongoing basis.