Attack toolkits, which are bundles of malicious code tools used to launch widespread attacks on networked computers, are used to steal sensitive information, such as bank account numbers and passwords, or to convert compromised computers into botnets. They are sold on the online black market to cybercriminals.
What distinguishes attack toolkits from other types of malware is their ease of use. According to a new report by Symantec, attack toolkits are being used in the majority of malicious online attacks.
“Like moths to a light on a summer’s night, attack toolkits are attracting criminals who otherwise would not have the technical know-how to carry off such attacks”, said Gerry Egan, director of Symantec’s Security Technology and Response division. “These toolkits have attracted the criminal mind because it is an easy way to make a buck or two.”
The report reveals how, by simplifying the process of creating and launching cyber attacks, attack toolkits are becoming the primary fuel of an increasingly self-sustaining, profitable and organized global underground economy worth millions of dollars.
“The number one thing that struck me was the explosive growth of these web attack toolkits”, Egan told Infosecurity. “They have become easy to find online, to learn, and to deploy. ... Web attack toolkits can turn legitimate websites into booby traps to cause harm to unsuspecting visitors.”
Attack toolkits have accelerated the proliferation of attack techniques. To leverage vulnerabilities, exploits have to be written and distributed. “What attack toolkits have done is automate the distribution of exploits”, Egan said.
These attack kits are now often sold on a subscription-based model with regular updates and support services available. So, instead of exploits taking months or days to be developed and distributed, it now takes days or hours because the toolkits automate the distribution process, he noted.
The most famous attack toolkit is the Zeus trojan, which has been used to steal bank account information and siphon off funds from those accounts. Analysts consulted by Infosecurity estimated that Zeus has been responsible for the theft of hundreds of millions of dollars.
Symantec offered the following techniques for organizations to combat attack toolkits. Companies should ensure that anti-virus software and intrusion prevention systems are up to date with vendor patches, create policies to limit the use of browser software and plug-ins that are not required for users, and use website reputation and IP blacklisting solutions to block access to sites known to host attack toolkits.