All the latest UK technology news, reviews and analysis

EU cyber security group warns of growing drive-by exploit risks

08 Jan 2013
European network and Information Security Agency logo

Drive-by exploits have become the top web security threat, according to the European Network and Information Security Agency (ENISA), which released its Cyber Threat Landscape report today.

The EU cyber security group warned that drive-by exploits - the injection of malicious code by the HTML of websites that exploits vulnerabilities in web browsers - are being increasingly used by attackers to target web browser plugins such as Java, Adobe Reader and Adobe Flash.

"The attacks are almost exclusively launched through compromised legitimate websites which are used by attackers to host malicious links and actual malicious code," ENISA said in its report.

"These attacks target software residing in internet users and infects them automatically when visiting a drive-by download website, without any user interaction."

More worryingly for mobile users, ENISA used the example of how the first drive-by threat for Android was spotted in May 2012 to underline that drive-by attacks as they are now targeting mobile devices.

"Most of the drive-by attacks detected originate from cyber criminals who have adopted this exploitation technique and use it widely via exploit kits, such as Blackhole22," ENISA's report added.

The next biggest threats cited in the report were Worms and Trojans. ENISA said Worms and Trojans made it into second place due to their widespread use by cyber criminals for moneymaking.

"Trojans are the most reported type of malicious code. Although a relatively small amount of computer systems were infected by worms, massive worm epidemics observed in the past have been replaced by an increasing number of targeted Trojans," ENISA's report stated.

"Trojan Autorun and Conficker worms are still two of the top threats worldwide. These two pieces of malware are more than four years old and, even though the vulnerabilities that allow them to infect systems have been addressed, they still claim victims."


  • Comment  
  • Tweet  
  • Google plus  
  • Facebook  
  • LinkedIn  
  • Stumble Upon  
Lee Bell

Lee joined as a reporter on The INQUIRER in April 2012.

Prior to working at The INQUIRER, Lee was sponsored by the NCTJ to do a multimedia journalism course in London. After completing placements at local magazines and newspapers in both print and online he wrote for an online gaming news website, and it was here where his love for technology grew.

Lee's main coverage areas include processors, internet security, PCs, laptops and tablet news and reviews.

More on Government
What do you think?
blog comments powered by Disqus
Related jobs

Tech gifts for Christmas 2014

Is a new tablet on your wish list this festive season, or have they become yesterday’s fad?

Popular Threads

Powered by Disqus
iPhone 6 is available in silver gold and space grey

iPhone 6 video review

The best iOS handset to date

Updating your subscription status Loading

Get the latest news (daily or weekly) direct to your inbox with V3 newsletters.

newsletter sign-up button

Getting started with virtualisation

Virtualisation can help you reduce costs, improve application availability, and simplify IT
management. However, getting started can be challenging


Converting big data and analytics insights into results

Successful leaders are infusing analytics throughout their organisations to drive smarter decisions, enable faster actions and optimise outcomes

Graduate/ Junior Developer

About the company: Firmstep is a leader in helping...

Test Automation Engineer

Job Title: Test Automation Engineer Start...

IT Consultant – Technical Architect

IT Consultant – Technical Architect to work with a number...

Helpdesk Analyst

Fragomen is the largest law firm in the world dedicated...
To send to more than one email address, simply separate each address with a comma.