Report: Toolkits now used in the majority of cyberattacks

Share this article:
So-called cybercrime attack "toolkits" have over the past few years become more accessible and are now used in the majority of internet attacks, according to a report released Tuesday by Symantec.

Also called “crimeware," attack toolkits are bundles of malware used to facilitate the launch of attacks against networked computers, according to the report. These kits generally include malicious code for exploiting vulnerabilities in multiple applications and technologies, as well as tools to customize, deploy and launch widespread attacks.

Between July 2009 and June 2010, 61 percent of the web-based threat activity detected by Symantec was attributable to such kits, the report states.

“Attack kits are significantly advancing the evolution of cybercrime into a self-sustaining, profitable and increasingly organized economic model worth millions of dollars,” the report states.

The kits are also enabling those without technical hacking sophistication to engage in cybercrime, according to Symantec.

“In the past, hackers had to create their own threats from scratch,” Stephen Trilling, senior vice president of Symantec Security Technology and Response, said in a statement. “Today's attack toolkits make it relatively easy for even a malicious novice to launch a cyberattack. As a result, we expect to see even more criminal activity in this area and a higher likelihood that the average user will be victimized.”

The popularity of such attacks has ratcheted up the price of crimeware, according to the report. The popular toolkit WebAttacker sold for $15 on the underground economy in 2006. In comparison, Zeus 2.0, the so-called “king of malicious code kits,” came with a price tag of $8,000 in 2010.

Attack kits are often sold on a subscription-based model with regular updates, and some even come with support services, the report states. Cybercriminals advertise and rent access to the kits and use anti-piracy tools to ensure attackers cannot use the tools without paying.

The most prevalent attack tool kit is MPack, which was first released by a group of Russian developers in 2006. It uses IFRAME injections to launch attacks and is often copied and redistributed on the underground market, according to the report.

Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

More in News

Ground system for weather satellites contains thousands of 'high-risk' bugs

Ground system for weather satellites contains thousands of ...

An audit of the Joint Polar Satellite System ground system revealed thousands of vulnerabilities, most of which will be addressed in two years when the next version of the system ...

Threat report on Swedish firms shows 93 percent were breached

The study by KPMG and FireEye also found that 49 percent of detected malware was unknown.

Former acting HHS cyber director convicted on child porn charges

Former acting HHS cyber director convicted on child ...

Timothy DeFoggi, who was nabbed by the FBI last year in its Operation Torpedo investigation was convicted by federal jury in Nebraska.