Symantec believes that attack kits play a significant role in the continuing evolution of cybercrime into an economic model worth millions of dollars.
Attack kits are bundles of malicious code that novices and experts alike can use to facilitate cyber attacks on networked computers. They are typically used to enable the theft of sensitive information, and they provide the ability to customize threats in order to evade detection as well as to automate the attack process.
While attack kits have been in existence for close to two decades, Symantec has detected an upward trend in their development, sale, and use in the last few years. Symantec’s latest report on Attack Toolkits and Malicious Websites reveals that with the dramatic simplification of the process of creating and launching cyber attacks, attack toolkits are quickly becoming the primary fuel driving the increasingly self-sustaining, profitable and organized underground economy.
Cybercrime is no longer limited to those with advanced programming skills. Traditional criminals, who would otherwise lack the technical expertise, are being drawn into cybercrime. This much larger pool of criminals entering the space means a higher likelihood of the average user being victimized and a greater number of attacks. In fact, 61 percent of web-based threat activity detected by Symantec during the reporting period was attributable to attack kits. As cyber attacks have become more profitable, the popularity of attack kits has dramatically increased.
The growing prevalence of attack kits is indicative of cybercrime becoming increasingly organized and adaptable. This includes the specialized production of goods and services, the outsourcing of production, multivariate pricing, and adaptable business models. An interesting observation and another indication of the increased maturity of the cybercrime marketplace is the allied service-based secondary economy, whereby the kit developers and others provide a range of additional, post-purchase services to enhance the profitability of the kits. Cybercriminals routinely advertise installation services, rent limited access to kit consoles, and use commercial anti-piracy tools to prevent attackers from using the tools without paying.
In order to mitigate cyber attacks, organizations and end users should ensure that all software is up to date with vendor patches. They should create policies to limit the use of browser software and browser plug-ins. Organizations can also benefit from using website reputation, IP blacklisting solutions, antivirus and intrusion prevention systems.