All the latest UK technology news, reviews and analysis

EU cyber security group warns of growing drive-by exploit risks

08 Jan 2013
European network and Information Security Agency logo

Drive-by exploits have become the top web security threat, according to the European Network and Information Security Agency (ENISA), which released its Cyber Threat Landscape report today.

The EU cyber security group warned that drive-by exploits - the injection of malicious code by the HTML of websites that exploits vulnerabilities in web browsers - are being increasingly used by attackers to target web browser plugins such as Java, Adobe Reader and Adobe Flash.

"The attacks are almost exclusively launched through compromised legitimate websites which are used by attackers to host malicious links and actual malicious code," ENISA said in its report.

"These attacks target software residing in internet users and infects them automatically when visiting a drive-by download website, without any user interaction."

More worryingly for mobile users, ENISA used the example of how the first drive-by threat for Android was spotted in May 2012 to underline that drive-by attacks as they are now targeting mobile devices.

"Most of the drive-by attacks detected originate from cyber criminals who have adopted this exploitation technique and use it widely via exploit kits, such as Blackhole22," ENISA's report added.

The next biggest threats cited in the report were Worms and Trojans. ENISA said Worms and Trojans made it into second place due to their widespread use by cyber criminals for moneymaking.

"Trojans are the most reported type of malicious code. Although a relatively small amount of computer systems were infected by worms, massive worm epidemics observed in the past have been replaced by an increasing number of targeted Trojans," ENISA's report stated.

"Trojan Autorun and Conficker worms are still two of the top threats worldwide. These two pieces of malware are more than four years old and, even though the vulnerabilities that allow them to infect systems have been addressed, they still claim victims."


  • Comment  
  • Tweet  
  • Google plus  
  • Facebook  
  • LinkedIn  
  • Stumble Upon  
Lee Bell

Lee joined as a reporter on The INQUIRER in April 2012.

Prior to working at The INQUIRER, Lee was sponsored by the NCTJ to do a multimedia journalism course in London. After completing placements at local magazines and newspapers in both print and online he wrote for an online gaming news website, and it was here where his love for technology grew.

Lee's main coverage areas include processors, internet security, PCs, laptops and tablet news and reviews.

More on Government
What do you think?
blog comments powered by Disqus

BYOD vs CYOD vs BYOC poll

Which approach is your firm taking to managing employees' mobile devices?

Popular Threads

Powered by Disqus
Galaxy S5 vs Xperia Z2 home screen

Xperia Z2 vs Galaxy S5

We break down the strengths and weaknesses of the two Android heavyweights

Updating your subscription status Loading

Get the latest news (daily or weekly) direct to your inbox with V3 newsletters.

newsletter sign-up button

Data protection: the key challenges

Deduplication is a foundational technology for efficient backup and recovery


iPad makes its mark in the enterprise

The iPad can become a supercharged unified communications endpoint, allowing users to enhance their productivity

Senior Helpdesk Support Analyst

Senior Helpdesk Analyst. Established IT Services client...

Unique Identity Consultant

Unique Identity Consultant London or Manchester...

Web Developer – HTML5, CSS3, Object Orientated PHP (5),

Web Developer – HTML5, CSS3, Object Orientated PHP (5...

S enior Data Analyst - Liquidity/Treasury

One of our key clients a Tier 1 investment bank are looking...
To send to more than one email address, simply separate each address with a comma.