What’s with attack toolkits and malicious websites?
What do you do with attack toolkits and malicious websites? Well, nothing much, unless you are attacked! And then, you run around, trying to restore your lost website!
According to Shantanu Ghosh, VP, India Product Operations, Symantec, attack kits are more accessible, relatively easy to use, and are being utilized much more widely. They are also driving faster proliferation of attacks. The profitability of attack kits has attracted criminals who would otherwise lack the technical expertise for cybercrime, fueling the growth of a self-sustaining, profitable, and increasingly organized global underground economy. These are the key findings from Symantec.
Attack kits allow unskilled attackers to enter the market with sophisticated tools. Attack kits feature easy-to-use, icon-driven GUIs that include checkboxes and pull-down menus. Centralized administrative interfaces provide easy access to various toolkit functions. Also, the increasing sophistication and “user-friendly” features are further evidence of the increasing organization and profitability of the underground economy.
Ease of use
Statistics and information on compromised hosts can be gathered for further use. Tasks can now easily be done with a few clicks of the mouse. Complex exploits are simplified for the toolkit user.
Toolkits account for nearly two-thirds of all threat activity on malicious websites. As kits become more robust and easier to use, this number will likely climb.
Faster proliferation of attacks
New exploits are quickly incorporated into kits. This allows newer attacks to proliferate rapidly so they are seen by more users soon after release. A single attack kit installed on a popular website can exploit a large number of users in a short period of time.
Toolkits are relatively easy to find for purchase through simple Web searches. Advertisements can be found on the underground economy and web forums. Both creators and users of kits profit from them. Creators profit by selling the kits while users profit through information theft.
Malicious web pages
During this reporting period, Symantec observed more than 310,000 unique domains that were found to be malicious. On average, this resulted in the detection of more than 4.4 million malicious Web pages per month.
Frequency of attacks rises when new exploits are released, then declines over time. As new kits become well known, sites hosting them are shut down faster and more often.
Malicious websites by search terms
Here are the categories of search terms that led to malicious websites. Blackhat search engine optimization is often used to lead users to malicious sites through searches.
The Symantec Report on Attack Toolkits and Malicious Websites, developed by the company’s Security Technology and Response (STAR) organization, is an in-depth analysis of attack toolkits.
The report includes an overview of these kits as well as attack methods, kit types, notable attacks and attack kit evolution. It also includes a discussion of attack kit features, traffic generation and attack kit activity.