
Report: Toolkits now used in the majority of cyberattacks

So-called cybercrime attack "toolkits" have over the past few years become more accessible and are now used in the majority of internet attacks, according to a report released Tuesday by Symantec.

Also called “crimeware,” attack toolkits are bundles of malware used to facilitate the launch of attacks against networked computers, according to the report. These kits generally include malicious code for exploiting vulnerabilities in multiple applications and technologies, as well as tools to customize, deploy and launch widespread attacks.

Between July 2009 and June 2010, 61 percent of the web-based threat activity detected by Symantec was attributable to such kits, the report states.

“Attack kits are significantly advancing the evolution of cybercrime into a self-sustaining, profitable and increasingly organized economic model worth millions of dollars,” the report states.

The kits are also enabling those without technical hacking sophistication to engage in cybercrime, according to Symantec.

“In the past, hackers had to create their own threats from scratch,” Stephen Trilling, senior vice president of Symantec Security Technology and Response, said in a statement. “Today's attack toolkits make it relatively easy for even a malicious novice to launch a cyberattack. As a result, we expect to see even more criminal activity in this area and a higher likelihood that the average user will be victimized.”

The popularity of such attacks has ratcheted up the price of crimeware, according to the report. The popular toolkit WebAttacker sold for $15 on the underground economy in 2006. In comparison, Zeus 2.0, the so-called “king of malicious code kits,” came with a price tag of $8,000 in 2010.

Attack kits are often sold on a subscription-based model with regular updates, and some even come with support services, the report states. Cybercriminals advertise and rent access to the kits and use anti-piracy tools to ensure attackers cannot use the tools without paying.

The most prevalent attack toolkit is MPack, which was first released by a group of Russian developers in 2006. It uses IFRAME injections to launch attacks and is often copied and redistributed on the underground market, according to the report.
