EU cyber security group warns of growing drive-by exploit risks

Drive-by exploits have become the top web security threat, according to the European Network and Information Security Agency (ENISA), which released its Cyber Threat Landscape report today.

The EU cyber security group warned that drive-by exploits - the injection of malicious code by the HTML of websites that exploits vulnerabilities in web browsers - are being increasingly used by attackers to target web browser plugins such as Java, Adobe Reader and Adobe Flash.

"The attacks are almost exclusively launched through compromised legitimate websites which are used by attackers to host malicious links and actual malicious code," ENISA said in its report.

"These attacks target software residing in internet users and infects them automatically when visiting a drive-by download website, without any user interaction."

More worryingly for mobile users, ENISA used the example of how the first drive-by threat for Android was spotted in May 2012 to underline that drive-by attacks as they are now targeting mobile devices.

"Most of the drive-by attacks detected originate from cyber criminals who have adopted this exploitation technique and use it widely via exploit kits, such as Blackhole22," ENISA's report added.

The next biggest threats cited in the report were Worms and Trojans. ENISA said Worms and Trojans made it into second place due to their widespread use by cyber criminals for moneymaking.

"Trojans are the most reported type of malicious code. Although a relatively small amount of computer systems were infected by worms, massive worm epidemics observed in the past have been replaced by an increasing number of targeted Trojans," ENISA's report stated.

"Trojan Autorun and Conficker worms are still two of the top threats worldwide. These two pieces of malware are more than four years old and, even though the vulnerabilities that allow them to infect systems have been addressed, they still claim victims."