Cyber attackers are, above all else, opportunists—malware and viruses require time and resources to develop and are therefore created with the greatest returns in mind. In terms of operating systems, Windows typically gets a bad rap for security—the price of popularity, as it were. But as other OS platforms have whittled down Windows' market share in recent years, cyber attackers have had an increasingly broad playing field for exploitation.
Cross-platform Threats on the Horizon
Last week, researchers at Kaspersky Lab discovered a few families of malware that ship as Java JAR file executables, marking the first appearance of cross-platform malware on the cyber threat landscape. This is, of course, Java's main value proposition: write once, run anywhere. It seems that hackers have taken this and utilized it for nefarious purposes; new Java-based threats coming down the pipe can equally run on Mac, Linux, Windows, and even Android devices.
The only caveat is that the Java Runtime Environment (JRE) must exist on the target system. Given the ubiquity of the Java platform, however, exploitable targets abound—according to Java.com, 97% of enterprise desktops and 89% of desktops in the U.S. run Java. As a technology, Java has been much maligned in recent years, with many security researchers calling for its complete eradication from the internet.
The spam campaigns delivering the malware JAR files have been detected using the following names:
It's worth noting that Kaspersky researchers only discovered the existence of cross-OS malware droppers, not complete standalone malware programs. Malware droppers are small pieces of software that avoid antivirus detection through their limited functionality. The purpose of a dropper is to gain entry into the system and download/install malware later from a central server hosted by the attacker. Security researchers warn that fully-fledged cross-OS malware programs are likely to soon follow.
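The droppers described above arrive as runnable JAR attachments, and a JAR is just a ZIP archive whose manifest names a `Main-Class`. As an added example (not code from Kaspersky or the original article), the following Python sketch shows how a mail filter could classify an attachment by content rather than by file name; the sample archives and class names are constructed for the demonstration.

```python
import io
import zipfile

MANIFEST = "META-INF/MANIFEST.MF"

def manifest_attrs(text):
    """Parse the main section of a JAR manifest, joining continuation lines."""
    attrs, last = {}, None
    for line in text.splitlines():
        if not line:                        # blank line ends the main section
            break
        if line.startswith(" ") and last:   # continuation of the previous value
            attrs[last] += line[1:]
        elif ":" in line:
            key, _, value = line.partition(":")
            last = key.strip().lower()
            attrs[last] = value.strip()
    return attrs

def classify_attachment(data):
    """Return 'executable-jar', 'jar-library', 'zip' or 'not-zip' from content."""
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return "not-zip"
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        manifest = next((n for n in zf.namelist() if n.upper() == MANIFEST), None)
        if manifest is None:
            return "zip"
        text = zf.read(manifest).decode("utf-8", "replace")
    return "executable-jar" if "main-class" in manifest_attrs(text) else "jar-library"

def build_zip(entries):
    """Build an in-memory ZIP from {path: text}; used only for sample data."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for path, text in entries.items():
            zf.writestr(path, text)
    return buf.getvalue()

# Constructed samples: a runnable JAR (sent under a misleading name) and a plain ZIP.
SAMPLE_JAR = build_zip({MANIFEST: "Manifest-Version: 1.0\r\nMain-Class: demo.Main\r\n\r\n",
                        "demo/Main.class": "placeholder"})
SAMPLE_ZIP = build_zip({"report.txt": "quarterly numbers"})

if __name__ == "__main__":
    for fname, blob in [("invoice.pdf", SAMPLE_JAR), ("report.zip", SAMPLE_ZIP)]:
        print(fname, "->", classify_attachment(blob))
```

Because the check reads the archive itself, renaming the file does not change the verdict.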
Equal Opportunity Cyber Threats
Cross-platform ransomware. Source: Emsisoft.com.
Again, the key incentives for cross-platform malware development are economic: the rise in popularity of OS X and other Windows desktop alternatives has led to malware designed modularly for wide distribution. Automated scanning for exposed server headers can be done with a simple script, signaling the continuing rise of automated hacking.
Whether your remediation efforts involve removing Java across your organization entirely or identifying/patching vulnerable versions of the JVM, UpGuard can ensure that exploitable flaws in your infrastructure are eliminated before reaching production environments. Our platform for cyber resilience can automatically monitor your environment for software packages—like Java—that could lead to security compromises.