Both Java and PDF Internet traffic experienced notable declines in 2016.
Silverlight traffic has already reached a level that is not worthwhile
for threat researchers to track regularly.
Java, once the
dominant web attack vector, has seen its security posture improve
significantly in recent years. Oracle’s decision in early 2016 to
eliminate its Java browser plugin has helped to make Java a less
attractive web attack vector. PDF attacks are also increasingly rare.
For that reason, they can be easier to detect, which is why many
adversaries now use this strategy less often.
However, as with
Flash, cybercriminals still use Java, PDF, and Silverlight to exploit
users. Individual users, enterprises, and security professionals must be
aware of these potential roads to compromise. To reduce their risk of
exposure to these threats, they must:
- Download patches
- Use up-to-date web technology
- Avoid web content that might present risk