
Attack toolkits bolster cyber crime

Johannesburg, 21 Jan 2011

Traditional criminals who would otherwise lack the technical expertise for cyber crime are using freely available 'attack toolkits' to facilitate widespread attacks on networked computers.

According to a report by security giant Symantec, this is fuelling a self-sustaining, profitable and increasingly organised global economy of cyber crime.

According to Symantec, the “relative simplicity and effectiveness” of attack kits has contributed to their increased use in cyber crime - these kits are now being used in the majority of malicious attacks.

Cyber crime is easy

“In the past, hackers had to create their own threats from scratch. This complex process limited the number of attackers to a small pool of highly skilled cyber criminals,” says Stephen Trilling, senior vice-president of Symantec Security Technology and Response.

“Today's attack toolkits make it relatively easy for even a malicious novice to launch a cyber attack. As a result, we expect to see even more criminal activity in this area and a higher likelihood that the average user will be victimised.”

One major kit, Zeus, poses a serious threat to small businesses. The security company says the main objective of Zeus is to steal bank account credentials.

Symantec points out that small businesses have fewer safeguards in place to guard their financial transactions, making them a prime target for Zeus.

The profitability of malicious code attacks using Zeus was illustrated by the September 2010 arrests of a ring of cyber criminals who allegedly used a Zeus botnet in the theft of more than $70 million from online banking and trading accounts over an 18-month period.

Underground economy

Symantec says sophisticated attack kits are often sold on a subscription-based model with regular updates, components that extend capabilities, and support services.

Cyber criminals routinely advertise installation services, rent limited access to kit consoles, and use commercial anti-piracy tools to prevent attackers from using the tools without paying, according to the security company.

In addition, attack kits are now fairly easy to update, which allows developers to quickly add exploit code for new vulnerabilities. Symantec says the result is that some exploits are in the wild just days after the associated vulnerability becomes public.

In 2006, WebAttacker, a popular attack toolkit, sold for $15 on the underground economy. In 2010, Zeus 2.0 was advertised for up to $8 000, reveals Symantec.

Of the Web-based threat activity detected by Symantec during the reporting period, 61% was attributable to attack kits. The most prevalent attack kits are MPack, Neosploit, Zeus, Nukesploit P4ck, and Phoenix.
