Exploit kit writers turn away from Java, go all-in on Adobe Flash
312% increase in Flash vulns over 2014, says study
Exploit kit writers are no longer fussed about Java vulnerabilities, focusing their attention almost entirely on Adobe Flash.
All of the top 10 vulnerabilities targeted by exploit kits during 2015 are related to Adobe Flash, according to a new study [PDF] from NTT Group.
In 2013, by contrast, the top 10 vulnerabilities targeted by exploit kits included one Flash and eight Java vulnerabilities.
The reason for the switch-up is not hard to figure out. Java vulnerabilities have dropped steadily since 2013. At the same time, the number of publicized Flash vulnerabilities jumped by almost 312 per cent (four-fold) over 2014 levels, NTT reports.
The findings come from the latest edition of NTT Group's global threat intelligence report, published on Tuesday. The report features an expanded view of the threat landscape with input from NTT's key partners – Lockheed Martin, Wapack Labs, Recorded Future and the Center for Internet Security.
The report analyses threats and trends from the previous year, pulling together information from 24 security operations centres, seven R&D centres, 3.5 trillion logs, 6.2 billion attacks and nearly 8,000 security clients across six continents.
Nearly 21 per cent of vulnerabilities detected in client networks were more than three years old. Results included vulnerabilities from as far back as 1999, making them more than 16 years old.
Spear phishing attacks accounted for approximately 17 per cent of incident response activities supported in 2015. NTT Group observed an 18 per cent rise in malware detected for every industry other than education.
"NTT clients from the education sector tended to focus less on the more volatile student and guest networks, but malware for almost every other sector increased," a spokesman from NTT Group's Solutionary managed security service business commented. ®