All the latest UK technology news, reviews and analysis


EU cyber security group warns of growing drive-by exploit risks

08 Jan 2013
European network and Information Security Agency logo

Drive-by exploits have become the top web security threat, according to the European Network and Information Security Agency (ENISA), which released its Cyber Threat Landscape report today.

The EU cyber security group warned that drive-by exploits - the injection of malicious code by the HTML of websites that exploits vulnerabilities in web browsers - are being increasingly used by attackers to target web browser plugins such as Java, Adobe Reader and Adobe Flash.

"The attacks are almost exclusively launched through compromised legitimate websites which are used by attackers to host malicious links and actual malicious code," ENISA said in its report.

"These attacks target software residing in internet users and infects them automatically when visiting a drive-by download website, without any user interaction."

More worryingly for mobile users, ENISA used the example of how the first drive-by threat for Android was spotted in May 2012 to underline that drive-by attacks as they are now targeting mobile devices.

"Most of the drive-by attacks detected originate from cyber criminals who have adopted this exploitation technique and use it widely via exploit kits, such as Blackhole22," ENISA's report added.

The next biggest threats cited in the report were Worms and Trojans. ENISA said Worms and Trojans made it into second place due to their widespread use by cyber criminals for moneymaking.

"Trojans are the most reported type of malicious code. Although a relatively small amount of computer systems were infected by worms, massive worm epidemics observed in the past have been replaced by an increasing number of targeted Trojans," ENISA's report stated.

"Trojan Autorun and Conficker worms are still two of the top threats worldwide. These two pieces of malware are more than four years old and, even though the vulnerabilities that allow them to infect systems have been addressed, they still claim victims."

 

  • Comment  
  • Tweet  
  • Google plus  
  • Facebook  
  • LinkedIn  
  • Stumble Upon  
Lee Bell
About

Lee joined as a reporter on The INQUIRER in April 2012.

Prior to working at The INQUIRER, Lee was sponsored by the NCTJ to do a multimedia journalism course in London. After completing placements at local magazines and newspapers in both print and online he wrote for an online gaming news website, and it was here where his love for technology grew.

Lee's main coverage areas include processors, internet security, PCs, laptops and tablet news and reviews.

More on Government
What do you think?
blog comments powered by Disqus
Poll

Windows 10 poll

What are your first impressions of Windows 10?
13%
4%
10%
4%
22%
4%
43%

Popular Threads

Powered by Disqus
V3 Sungard roundtable event - Cloud computing security reliability and scalability discussion

CIOs debate how to overhaul businesses for the digital era

V3 hosts roundtable with Sungard Availability Services

Updating your subscription status Loading
Newsletters

Get the latest news (daily or weekly) direct to your inbox with V3 newsletters.

newsletter sign-up button
hpv3may

Getting started with virtualisation

Virtualisation can help you reduce costs, improve application availability, and simplify IT
management. However, getting started can be challenging

ibmv3may

Converting big data and analytics insights into results

Successful leaders are infusing analytics throughout their organisations to drive smarter decisions, enable faster actions and optimise outcomes

Head of IT

Bede’s is looking for a dynamic, driven and able Head...

Web Developer - C#, ASP.NET, SQL, Javascript

Web Developer - C#, ASP.NET, SQL, Javascript S...

Do you want to IT Contract or Have You Recently Arrived in the UK?

BITE Consulting could be the answer for you!! The...

Junior / Mid Level Apple Mac Engineer for Help Desk role

We are looking for a Junior to mid weight Help Desk engineer...
To send to more than one email address, simply separate each address with a comma.