It has been reported that a group of cyber attackers, believed to have ties to the Chinese government, have infiltrated U.S. companies and established a long-term presence using Java-based malware, Javafog.
Dana Tamir, director of enterprise security at Trusteer, an IBM company, commented:
“Java offers powerful capabilities for businesses. Today almost every organisation relies on Java applications. But Java is a high risk application that exposes organisations to advanced attacks. Java has numerous vulnerabilities that can be exploited to deliver malware and compromise users’ machines. Malware written in Java code, like the Javafog Trojan, is extremely difficult to detect and therefore can remain stealthy for longer periods of time. The Java protections that are available today are very limited in their capabilities, especially against zero-day threats. Because organisations can’t eliminate Java from their environments, it is not surprising that adversaries and cyber-criminals are using malicious Java code to infiltrate them.
To prevent Java exploits and malware-based infiltrations, it is important to restrict execution only to known trusted Java files. Since organisations struggle to manage and maintain a complete list of all known trusted files, they should at least restrict execution to files that have been signed by trusted vendors, or downloaded from trusted domains. Otherwise untrusted Java files should not be allowed to freely execute within the enterprise environment. Restriction of untrusted Java allows organisations to safely run their business without exposing themselves to such risk.”