Report: Toolkits now used in the majority of cyberattacks

Share this article:
So-called cybercrime attack "toolkits" have over the past few years become more accessible and are now used in the majority of internet attacks, according to a report released Tuesday by Symantec.

Also called “crimeware," attack toolkits are bundles of malware used to facilitate the launch of attacks against networked computers, according to the report. These kits generally include malicious code for exploiting vulnerabilities in multiple applications and technologies, as well as tools to customize, deploy and launch widespread attacks.

Between July 2009 and June 2010, 61 percent of the web-based threat activity detected by Symantec was attributable to such kits, the report states.

“Attack kits are significantly advancing the evolution of cybercrime into a self-sustaining, profitable and increasingly organized economic model worth millions of dollars,” the report states.

The kits are also enabling those without technical hacking sophistication to engage in cybercrime, according to Symantec.

“In the past, hackers had to create their own threats from scratch,” Stephen Trilling, senior vice president of Symantec Security Technology and Response, said in a statement. “Today's attack toolkits make it relatively easy for even a malicious novice to launch a cyberattack. As a result, we expect to see even more criminal activity in this area and a higher likelihood that the average user will be victimized.”

The popularity of such attacks has ratcheted up the price of crimeware, according to the report. The popular toolkit WebAttacker sold for $15 on the underground economy in 2006. In comparison, Zeus 2.0, the so-called “king of malicious code kits,” came with a price tag of $8,000 in 2010.

Attack kits are often sold on a subscription-based model with regular updates, and some even come with support services, the report states. Cybercriminals advertise and rent access to the kits and use anti-piracy tools to ensure attackers cannot use the tools without paying.

The most prevalent attack tool kit is MPack, which was first released by a group of Russian developers in 2006. It uses IFRAME injections to launch attacks and is often copied and redistributed on the underground market, according to the report.

Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

More in News

CryptoWall surpasses CryptoLocker in infection rates

CryptoWall surpasses CryptoLocker in infection rates

A threat analysis from Dell SecureWorks CTU says that CryptoWall has picked up where its famous sibling left off.

Professor says Google search, not hacking, yielded medical info

Professor says Google search, not hacking, yielded medical ...

A professor of ethical hacking at City College San Francisco came forward to clarify that he did not demonstrate hacking a medical center's server in a class.

Syrian Malware Team makes use of enhanced BlackWorm RAT

Syrian Malware Team makes use of enhanced BlackWorm ...

FireEye analyzed the hacking group's use of the malware, dubbed the "Dark Edition" of BlackWorm.