Cybercrime found its roots among technologically gifted malware authors who made a sport of compromising networks. Today, the lure of easy money and the ubiquity of the Internet have changed the face of cybercrime and the hackers behind it. Malware authors have created a shadowy underworld market for so-called attack toolkits.
Attack toolkits are programs that make it easy for novices and experts alike to launch widespread attacks against computer systems. They also provide the ability to customize threats in order to evade detection.
According to a recent study by Symantec, attack kits have become more accessible and easier to use, attracting traditional criminals who would otherwise lack the technical expertise for cybercrime. These kits are now being used in the majority of malicious Internet attacks, fueling a self-sustaining, profitable and increasingly organized global economy.
“In the past, hackers had to create their own threats from scratch. This complex process limited the number of attackers to a small pool of highly skilled cybercriminals,” said Stephen Trilling, senior vice president, Symantec Security Technology and Response. “Today’s attack toolkits make it relatively easy for even a malicious novice to launch a cyberattack. As a result, we expect to see even more criminal activity in this area and a higher likelihood that the average user will be victimized.”
Symantec found that 61 percent of Web-based threat activity was attributable to attack kits. The most prevalent attack kits are MPack, Neosploit, ZeuS, Nukesploit P4ck and Phoenix.
ZeuS poses a serious threat to small businesses. The main objective of ZeuS is to steal bank account credentials; small businesses have few safeguards in place to guard their financial transactions, making them a prime target. In September 2010, authorities arrested a ring of cybercriminals who allegedly used a ZeuS botnet in the theft of more than $70 million from online banking and trading accounts over an 18-month period.
As cyberattacks have become more profitable, the popularity of attack kits has increased dramatically. This in turn has led to increasingly robust and sophisticated kits. These kits are now often sold on a subscription-based model with regular updates, components that extend capabilities, and support services. Cybercriminals routinely advertise installation services, rent limited access to kit consoles and use commercial antipiracy tools to prevent attackers from using the tools without paying.
Popularity and demand have driven up the cost of attack kits. WebAttacker, a popular attack toolkit, sold for just $15 on the underground economy in 2006. In 2010, ZeuS 2.0 was advertised for up to $8,000.
The speed at which new vulnerabilities and their exploits spread around the globe has increased due to innovations that attack kit developers have integrated into their products. Because attack kits are fairly easy to update, developers can quickly add code to exploit new vulnerabilities before potential victims apply necessary patches. As a result, some exploits are in the wild just days after the associated vulnerability becomes public.
Organizations and end users should ensure that all software is up to date with vendor patches. Asset and patch management solutions may help ensure systems are compliant and deploy patches to systems that are not up to date. Organizations should also create policies to limit the use of browser software and browser plug-ins that are not required by users. This is especially prudent for ActiveX controls, which may be installed without the knowledge of the user.
Organizations can also benefit from using Web site reputation and IP blacklisting solutions to block outgoing access to sites that are known to host attack toolkits and associated threats. Antivirus and intrusion prevention systems can be deployed to detect and prevent exploitation of vulnerabilities and installation of malicious code.
Because attack kits are becoming easier to use, cybercrime is no longer limited to those with advanced programming skills. Participants now include a mix of individuals with computer skills and those with expertise in traditional criminal activities such as money laundering. Symantec expects that this much larger pool of criminals entering the space will lead to an increase in the number of attacks.