The report found that toolkits, or frameworks that are bought, sold or traded to simplify the launch of cyberattacks, had notably high success rates in the systems they infected.
Of the most popular toolkits, the Zombie Infection Kit, a tool for creating botnets, had the highest success rate with more than 15 percent of hosts infected, the report found. This means that if an attacker using the Zombie kit compromised a website that attracts 100,000 visitors a month, they would be able to exploit 15,000 host machines during that time.
The LuckySploit kit, used to compromise Paul McCartney's website in 2009, had the lowest infection rate, but one which still infected 7.5 percent of hosts.“The code within these toolkits has become very mature,” Mike Dausin, manager of advanced security intelligence for HP DVLabs, told SCMagazineUS.com. “Some of what we're seeing is pretty scary because of how professional they are.”
Toolkits bundle together a set of exploits that can take advantage of a wide range of vulnerabilities, the report states. Their high infection rates partially can be attributed to their frequent use of zero-day exploits, for which there is no patch available.
While some toolkits continue to leverage already known vulnerabilities, each new release of a toolkit is likely to contain at least one new zero-day, which increases the attacker's chances of successfully infecting a host, according to the report.“Research for new vulnerabilities is not drying up,” Ed Skoudis, founder and senior security consultant at InGuardians, a penetration testing and incident response firm, told SCMagazineUS.com. “A lot of exploits now happen on a zero-day basis.”
To keep up with the release of patches, many toolkits also offer version updates for a small fee, further increasing their success rates, the report states. This feature, along with their accessibility and ease of use, has raised the demand for toolkits among criminals.
“The toolkits are a business model that has been refined and perfected,” Skoudis said.