While it is well known that malware toolkits have become the preferred method for launching Internet attacks, a recent Symantec report shows just how much exploit toolkits have lowered the barrier for cybercriminals to launch campaigns.
In the article, “How Attack Toolkits Impact the Cyber-Underground,” Marc Fossi, manager of research and development for Symantec Security Response, said ease of use is one of the reasons why toolkits are now used in the majority of Web attacks.
“In a similar way, attack toolkits relieve the user from requiring the deep technical knowledge to write an attack, meaning a novice attacker can mount a sophisticated attack campaign using an attack kit without needing to know how to uncover vulnerabilities or how to exploit them. Attack kits reduce or remove this necessity by including prewritten exploits and malicious code along with the means for distributing these attacks, all via a friendly user interface.”
With more than 60% of all online attacks now launched by automated attack toolkits, the kits also do the homework for criminals by exploiting known vulnerabilities and keeping stats on how many times an attack is launched and how often the targets are successfully exploited, said Fossi.
Because prewritten malicious code allows relatively unskilled hackers to launch widespread attacks, Bill Snyder, in the article “As PC Virus Turns 25, New Worry Emerges: Attack Toolkits,” points out six reasons we should be concerned:
- Attack kits make it easier for relatively unsophisticated hackers to launch an attack.
- The prevalence, simplicity and effectiveness of the attack kits are contributing to an upward spike in cybercrime.
- Cybercriminals, like legitimate business people, believe in a return on investment.
- With updates, hackers are using the newest and most potent versions of the malware that can hit users even harder.
- Attack toolkits include exploits for vulnerabilities in multiple applications and technologies to increase their chances of successfully exploiting an unpatched vulnerability.
- The attack kits launch malware that can attack multiple platforms including Macs, Linux and Windows.
While these are certainly valid points about the evolution of malware toolkits, application whitelisting solutions such as Bouncer by CoreTrace protect any computer — whether it’s a Mac, Linux or Windows platform — by simply preventing the malware from executing on a system. It is that simple: if it is not on the whitelist, it doesn’t execute — whether it came from a toolkit, was custom made, was targeted, morphed, etc.