Cisco 2010 Annual Security Report – Cybercrime ROI Matrix

ReadWrite Enterprise has a nice summary of the Cisco 2010 Annual Security Report. Here are some of the key points.

Cisco goes MBA-ish with a quadrant to show trends in cybercriminals’ attack methods.

Social engineering continues as a key technique. Cisco highlights the seven weaknesses social engineers exploit: sex appeal, greed, vanity, trust, sloth, compassion, and urgency. Cisco recalls the Robin Sage fiasco.

Java has become the number one target for cybercriminals replacing PDF.

And of course, Cisco acknowledges Stuxnet and the “evil” cybercrime winner.

Microsoft: ‘Unprecedented Wave of Java Exploitation’ — Krebs on Security

Microsoft: ‘Unprecedented Wave of Java Exploitation’ — Krebs on Security.

Microsoft is confirming a huge increase in attacks against Java vulnerabilities. Why is this important? Java is installed on the majority of the world’s desktop computers.  In fact, the attack volume on Java dwarfs that of Adobe, which is saying something. Java may not be quite as ubiquitous as Adobe, but it’s close. For example, Java is required for Webex and GoToMeeting, the two most popular web meeting applications. To get an idea of the Java to Adobe proportion, see the graph below, courtesy of Microsoft via Krebs on Security.

According to Microsoft, the spike in the third quarter of 2010 is primarily driven by attacks on three Java vulnerabilities that have already been patched for some time now. Even so, attacks against these flaws have “gone from hundreds of thousands per quarter to millions.

Krebs claims the reason for this spike is the inclusion of Java exploits in the commercial crimeware kits sold in the hacker underground.

Java surely falls into that set of PC applications which must be kept up-to-date.