
Cyber Attack Toolkits Dominate the Internet Threat Landscape

Marc Fossi, Manager of Development, Symantec Security Response

Businesses can only operate to the degree that they have the resources for those operations: a company without a software developer can't produce software, and a company without production equipment can't produce materials.

The way around that is to either bring in the right resources or outsource the work to someone else with the right resources, whether those resources be time, money, equipment or expertise.

That's exactly what is happening with cybercrime.

Criminals who don't have the knowledge or skills to develop malware on their own are turning to someone who does. These attack toolkits allow the purchasers to contribute to the global mess of malware and cybercrime.

Attack toolkits are increasingly available to an unskilled black market that is eager to participate in the speedy spread of malware. Not only are toolkits more widely available, but they are also advanced enough to evade detection while automating processes. Developers of toolkits are selling a product that is fueling the growth of a self-sustaining, profitable, and increasingly organized global underground economy.

Attack Kits Control the Landscape
In its Attack Toolkits and Malicious Websites Report, Symantec noted that 61 percent of observed web-based threat activity could be directly attributed to attack kits. The magnitude of these attacks and their widespread usage is a concern for home users as well as the enterprise and everyone in between.

One particular toolkit called Zeus, which aims at stealing bank account credentials, accounted for 65 percent of all advertisements for the sale of kits on underground economy servers observed by Symantec. In September 2010, the FBI revealed that a ring of cybercriminals was arrested for allegedly using Zeus to steal more than $70 million from online banking and trading accounts over an 18-month period.

Because they are so profitable, toolkits are spreading in popularity. That demand, in turn, has led to the development of more technically advanced kits. Attack toolkits are so advanced that creators can update code to evade detection on the Web sites on which they reside. The creators of attack kits have so many features and updates they can apply that they have begun capitalizing on the advanced nature of their products. They sell toolkits on a subscription-based model and provide features for an additional fee in order to make more money. They have even extended their efforts to include installation services and support options.

Attack Kits Drive Faster Proliferation of Attacks
Due to their increased sophistication and ability to distribute updates, toolkits are incorporating new exploits faster than before. With a few clicks on the keyboard, kit developers can send updates to their subscribers to add new exploits to their deployed kits. Thus, attackers with toolkits can easily employ attacks against new vulnerabilities. Most exploits are added to kits after the vulnerability has been patched, but because of how rapidly exploits proliferate, users need to be patching sooner to stay ahead.

In every way, from the initial attack to the installation of malicious code and theft of information, attack kits take every aspect of cybercrime and make it more prolific than it already was.

Attack Kits Provide a New Entry into the Underground Economy
The widespread availability of attack kits has resulted in a much more diverse pool of cybercriminals. Cybercrime is no longer a club exclusive to computer programmers: newcomers don't even need to know how to write a line of code; they just need the right amount of money.

What used to require a computer programmer now only requires an initial investment. The advertised cost of a toolkit ranges from $40 to $4000 but has been known to reach as much as $8000. While the average cost is $900, attackers pay different amounts based on what version they buy, what features the toolkit has and ease of use. While it takes money to make money, toolkits offer a relatively low starting price for a new stream of revenue. Thus, the appeal of toolkits is a new bane for users and security companies alike.

The new faces on the cybercrime scene may not even understand exactly how their new investments work under the hood, so to speak. Still, malware proliferation has become a pastime for conventional criminals, some of whom specialize in such activities as money laundering and identity theft.

The people who buy these toolkits have found an easy way to get money, and they use it despite the havoc it wreaks on innocent users. Cybercrime already causes enough headaches, but now toolkits have made it possible for even more criminals to get in on the action. The fight against cybercrime is moving forward, but the threats are quickly multiplying.


© Copyright 2011 Auerbach Publications