All the latest UK technology news, reviews and analysis


Android and Java top security targets for malware and hacks

16 Jan 2014
Google Android Malware

Google's Android mobile operating system (OS) is the target of 99 percent of the world's mobile malware, according to Cisco.

Cisco revealed the trend in its 2014 Annual Security Report, which also showed that the Andr/Qdplugin-A malware was the most common Android variant, being used in 43.8 percent of all known attacks.

Cisco reported that the Android malwares are mainly spread as Trojanised applications designed to look like real, legitimate apps on third-party marketplaces. Director of cyber security at Cisco Terry Greer-King told V3 the high attack levels are generally believed to be due to Android's open nature.

"Android also has a large install base and is therefore an attractive target for hackers. It's an open platform with innumerable iterations, and hence is easier to exploit compared to a closed OS," he said.

Android's open nature lets developers alter the OS and create marketplaces and applications without Google's knowledge or consent.

Cisco's findings mark an increase in Android attack levels reported by most other vendors and agencies. The US Department of Homeland Security (DHS) listed 79 percent of all mobile threats as being designed to target Android in August 2013.

The paper also revealed Java to be the most commonly targeted coding language in the world. Cisco reported linking Java exploits to 91 percent of all Indicators of Compromise (IOCs) during its cyber forensics work.

Java has been a constant headache for firms and security vendors, with new threats appearing on a daily basis. In 2013 the vulnerability levels forced Oracle to release numerous security patches for the platform.

Greer-King said criminals' preference for Java is due to its cross-industry status. "The ubiquity and our heavy reliance on applications like Java, that help us use the internet and complete work faster, keeps it high on the list of favoured tools for criminals," he said.

"In the US, for example, 97 percent of enterprise desktops and 89 percent of desktop computers overall run Java. Simply put, this provides an attack surface too big to ignore."

The trends come during a boom in cybercrime: Cisco claims overall vulnerability and threat levels have reached their highest ever seen since it began tracking them in May 2000. The firm said 2013 was a particularly bad year, with cumulative annual threat alert levels increasing by 14 percent since 2012.

Cisco's chief security officer John Stewart said in order to deal with the influx of new threats, businesses will have to alter their traditional approach to cyber security.

"Although the Cisco Annual Security Report paints a grim picture of the current state of cyber security, there is hope for restoring trust in people, institutions and technologies – and that starts with empowering defenders with real-world knowledge about expanding attack surfaces," he said.

"To truly protect against all of these possible attacks, defenders must understand the attackers, their motivations and their methods – before, during and after an attack."

Stewart is one of many security experts to call for firms to adopt more intelligence-based security strategies. The UK government has launched several initiatives designed to help businesses adapt their strategies, including the launch of the Cyber Security Information Sharing Partnership (CISP) in 2013.

  • Comment  
  • Tweet  
  • Google plus  
  • Facebook  
  • LinkedIn  
  • Stumble Upon  
Alastair Stevenson
About

Alastair has worked as a reporter covering security and mobile issues at V3 since March 2012. Before entering the field of journalism Alastair had worked in numerous industries as both a freelance copy writer and artist.

View Alastair's Google+ profile

More on Security
What do you think?
blog comments powered by Disqus
Poll

Windows 10 poll

What are your first impressions of Windows 10?
13%
4%
10%
4%
21%
4%
44%

Popular Threads

Powered by Disqus
V3 Sungard roundtable event - Cloud computing security reliability and scalability discussion

CIOs debate how to overhaul businesses for the digital era

V3 hosts roundtable with Sungard Availability Services

Updating your subscription status Loading
Newsletters

Get the latest news (daily or weekly) direct to your inbox with V3 newsletters.

newsletter sign-up button
hpv3may

Getting started with virtualisation

Virtualisation can help you reduce costs, improve application availability, and simplify IT
management. However, getting started can be challenging

ibmv3may

Converting big data and analytics insights into results

Successful leaders are infusing analytics throughout their organisations to drive smarter decisions, enable faster actions and optimise outcomes

Database Developer/DBA – Leading Charity

We’re looking for a committed individual with: demonstrable...

Management Information Systems (MIS) Officer

We are seeking a self-motivated individual with database...

Head of Software Development / Real-Time Data

An exciting management opportunity has arisen to join...

Software Engineer

SeeByte, global market leader in in the development of...
To send to more than one email address, simply separate each address with a comma.