Adobe and Oracle, which manages Java, have issued patches for the holes in their respective products. Cyber-criminals often target known flaws, gambling that many people are on the Web with unpatched systems. Such an assumption is often correct. In general, up to 60 percent of Java installations are never updated to the latest version, according to security vendor Rapid7.
The Java vulnerability used in the latest attacks is the same one hackers exploited last month to infect 600,000 Mac computers. Apple was criticized for not releasing a patch until six weeks after one was available for Windows systems.
The latest cyber espionage activity has the same goal as similar attacks, which is to steal data. Targets typically include email communications, research and development documents, intellectual property and information on contracts and business negotiations. Such activity is often paid for or sanctioned by government agencies. International companies are also suspected of hiring hackers to spy on rivals.
"It is important to note that there is not a single monolithic group responsible for all of these attacks," Adair and Moran said.