According to the Cisco 2014 Annual Security Report, 91 percent of 2013 cyberattacks exploited a weakness in Java. “I was surprised to see that the Java [Indicator of Compromise] number was 91 percent,” said Levi Gundert, technical lead, Cisco Threat Research, Analysis, and Communications (TRAC). “There were a number of Java zero days that were used in various attacks, but there were also a ton of well-known Java vulnerabilities that were packaged into various exploit packs.”
He added, “2013 really was the year of Java exploits.”
Java is popular with enterprise application development teams because it works on any operating system—but that feature also makes it popular with hackers. Black hats also target Java because people don’t apply patches as often as they should, and in some cases this year, patches weren’t available for all the known security vulnerabilities.