Despite being seemingly riddle with vulnerabilities, Java is no longer the favorite of exploit kit writers, who’re instead turning their attention to the equally defenseless Adobe Flash.

According to the latest Global Threat Intelligence Report by NTT Corp., all of the top ten vulnerabilities targeted by exploit kits over the last year concern Adobe Flash.

Compare that to 2013, when eight out of ten exploit kits were targeted at Java vulnerabilities.

It’s not difficult to see why hackers are abandoning attacking Java. NTT says the number of Java-related vulnerabilities has dropped rapidly since that time, whereas the number of Flash vulnerabilities publicized has jumped by almost 312 percent since 2014, an almost four-fold increase.

NTT’s report focuses on an expanded view of the threat landscape, with several of the company’s key partners providing their own input, including Lockheed Martin, Wapack Labs, Recorded Future and the Center for Internet Security. It’s a deep dive into the top threats and trends from the last year, with data coming from 24 security operations centers, seven R&D centers, 8,000 security clients from across the world, 6.2 billion reported attacks and 3.5 trillion logs.

One interesting takeaway is that almost 21 percent of network vulnerabilities discovered were at least three years old, with some of the oldest dating back to 1999. Rather worryingly, that means some of them have existed for more than 16-years.

Spear phishing attacks (such as fake emails asking for personal information) are also on the rise, accounting for 17 percent of incident response activities in 2015. NTT also said the number of malwares detected rose by at least 18 percent in every industry except for the education sector.

“NTT clients from the education sector tended to focus less on the more volatile student and guest networks, but malware for almost every other sector increased,” said a spokesperson for NTT Group’s Solutionary managed security service business.

Photo Credit: nielskliim via Compfight cc