View all newsletters
Receive our newsletter - data, insights and analysis delivered to you

Is Internet Explorer emerging as ‘sweet spot for hackers?

IE also remains one of the most exploited products.

By CBR Staff Writer

The number of Internet Explorer vulnerabilities have increased by more than 100% since 2013, leading to the release of the highest number of security patches in more than a decade during the first six months of 2014.

These were the findings of a new report from Bromium Labs noted. Last year, Oracle’s Java was hit with highest malwares and zero day attacks, with several exploit kits having a field day with it.

The report noted: "The notable aspect for this year thus far in 2014 is that Internet Explorer was the most patched and also one of the most exploited products, surpassing Oracle Java, Adobe Flash and others in the fray.

"Bromium Labs believes that the browser will likely continue to be the sweet spot for attackers."

In particular, there were no zero day exploits reported during the first half targeted at Oracle’s Java.

Despite being exploited by zero days, Adobe also offered hackers new ways to exploit the Internet Explorer browser.

Content from our partners
Unlocking growth through hybrid cloud: 5 key takeaways
How businesses can safeguard themselves on the cyber frontline
How hackers’ tactics are evolving in an increasingly complex landscape

"Unsurprisingly, all of the zero day attacks targeted end-user applications such as browsers and productivity applications like Microsoft Office," the report added.

"Typically these attacks are launched leveraging users as bait using classic spear-phishing tactics."

Furthermore, hackers created new ways to attack browsers leveraging ‘Action Script Spray’ to evade Address space layout randomisation (ASLR) and launch several zero day exploits.

The report added: "Much attention was paid to JAVA exploits in 2013 and countermeasures such as disabling Java may have had a role in forcing attackers to switch to new targets this year.

"Regardless of the causes, zero day exploits in JAVA have experienced a recent lull in activity. Time will tell."

Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how New Statesman Media Group may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.