All the latest UK technology news, reviews and analysis

Android and Java top security targets for malware and hacks

16 Jan 2014
Google Android Malware

Google's Android mobile operating system (OS) is the target of 99 percent of the world's mobile malware, according to Cisco.

Cisco revealed the trend in its 2014 Annual Security Report, which also showed that the Andr/Qdplugin-A malware was the most common Android variant, being used in 43.8 percent of all known attacks.

Cisco reported that the Android malwares are mainly spread as Trojanised applications designed to look like real, legitimate apps on third-party marketplaces. Director of cyber security at Cisco Terry Greer-King told V3 the high attack levels are generally believed to be due to Android's open nature.

"Android also has a large install base and is therefore an attractive target for hackers. It's an open platform with innumerable iterations, and hence is easier to exploit compared to a closed OS," he said.

Android's open nature lets developers alter the OS and create marketplaces and applications without Google's knowledge or consent.

Cisco's findings mark an increase in Android attack levels reported by most other vendors and agencies. The US Department of Homeland Security (DHS) listed 79 percent of all mobile threats as being designed to target Android in August 2013.

The paper also revealed Java to be the most commonly targeted coding language in the world. Cisco reported linking Java exploits to 91 percent of all Indicators of Compromise (IOCs) during its cyber forensics work.

Java has been a constant headache for firms and security vendors, with new threats appearing on a daily basis. In 2013 the vulnerability levels forced Oracle to release numerous security patches for the platform.

Greer-King said criminals' preference for Java is due to its cross-industry status. "The ubiquity and our heavy reliance on applications like Java, that help us use the internet and complete work faster, keeps it high on the list of favoured tools for criminals," he said.

"In the US, for example, 97 percent of enterprise desktops and 89 percent of desktop computers overall run Java. Simply put, this provides an attack surface too big to ignore."

The trends come during a boom in cybercrime: Cisco claims overall vulnerability and threat levels have reached their highest ever seen since it began tracking them in May 2000. The firm said 2013 was a particularly bad year, with cumulative annual threat alert levels increasing by 14 percent since 2012.

Cisco's chief security officer John Stewart said in order to deal with the influx of new threats, businesses will have to alter their traditional approach to cyber security.

"Although the Cisco Annual Security Report paints a grim picture of the current state of cyber security, there is hope for restoring trust in people, institutions and technologies – and that starts with empowering defenders with real-world knowledge about expanding attack surfaces," he said.

"To truly protect against all of these possible attacks, defenders must understand the attackers, their motivations and their methods – before, during and after an attack."

Stewart is one of many security experts to call for firms to adopt more intelligence-based security strategies. The UK government has launched several initiatives designed to help businesses adapt their strategies, including the launch of the Cyber Security Information Sharing Partnership (CISP) in 2013.

  • Comment  
  • Tweet  
  • Google plus  
  • Facebook  
  • LinkedIn  
  • Stumble Upon  
Alastair Stevenson

Alastair has worked as a reporter covering security and mobile issues at V3 since March 2012. Before entering the field of journalism Alastair had worked in numerous industries as both a freelance copy writer and artist.

View Alastair's Google+ profile

More on Security
What do you think?
blog comments powered by Disqus

Work location poll - office, remote or home?

Where do you spend most time working on your primary work device?

Popular Threads

Powered by Disqus
LG G Flex 2 hands-on review

CES 2015: LG G Flex 2 video

A closer look at LG's latest curved-screen smartphone

Updating your subscription status Loading

Get the latest news (daily or weekly) direct to your inbox with V3 newsletters.

newsletter sign-up button

Beacon technology: what are the opportunities and how does the technology work?

This paper seeks to provide education and technical insight to beacons, in addition to providing insight to Apple's iBeacon specification


Converting big data and analytics insights into results

Successful leaders are infusing analytics throughout their organisations to drive smarter decisions, enable faster actions and optimise outcomes

Systems Operations Supervisor

Our Client is seeking an Operations Systems Analyst/Supervisor...

Project Manager / Technical Project Manager - (Prince 2, ERP, MS Project, ISO, PPI)

Project Manager / Technical Project Manager - (Prince...

Software QA Tester - No.1 Online Video Gaming Tech Provider

Software QA Tester - No.1 Online Video Gaming Tech Provider...

Development Team Leader - Sage One

What's it all about? Sage One is designed specifically...
To send to more than one email address, simply separate each address with a comma.