attack toolkits and malicious websites
DESCRIPTION
Symantec's report on attack toolkits and malicious websites reveals that as attack kits become more accessible and relatively easier to use, they are being utilized much more widely. This has attracted traditional criminals who would otherwise lack the technical expertise into cybercrime, fueling a self-sustaining, profitable, and increasingly organized global economy.TRANSCRIPT
1
Attack Toolkits & Malicious Websites
Attack Toolkits and Malicious Websites
Global Intelligence NetworkIdentifies more threats, takes action faster & prevents impact
Information ProtectionPreemptive Security Alerts Threat Triggered Actions
Global Scope and ScaleWorldwide Coverage 24x7 Event Logging
Rapid Detection
Attack Activity• 240,000 sensors
• 200+ countries
Malware Intelligence• 133M client, server,
gateways monitored
• Global coverage
Vulnerabilities• 35,000+ vulnerabilities
• 11,000 vendors
• 80,000 technologies
Spam/Phishing• 5M decoy accounts
• 8B+ email messages/day
• 1B+ web requests/day
Austin, TXMountain View, CA
Culver City, CA
San Francisco, CA
Taipei, Taiwan
Tokyo, Japan
Dublin, IrelandCalgary, Alberta
Chengdu, China
Chennai, India
Pune, India
2Attack Toolkits and Malicious Websites
Attack Toolkits and Malicious Websites 3
Attack Toolkits and Malicious Websites – Report Details
Accessibility
• Attack kits allow unskilled attackers to enter the market with sophisticated tools
• Attack kits feature easy to use icon-driven GUIs that include checkboxes and pull down menus
Attack Toolkits and Malicious Websites 4
Accessibility
• Centralized administrative interfaces provide easy access to various toolkit functions
• The increasing sophistication and “user-friendly” features is further evidence of the increasing organization and profitability of the underground economy
Attack Toolkits and Malicious Websites 5
Ease of Use
• Statistics and information on compromised hosts can be gathered for further use
• Tasks can now easily be done with a few clicks of the mouse
Attack Toolkits and Malicious Websites 6
Ease of Use
• Complex exploits are simplified for the toolkit user.
Attack Toolkits and Malicious Websites 7
Increased Utilization
• Toolkits account for nearly two-thirds of all threat activity on malicious websites
• As kits become more robust and easier to use, this number will likely climb
Attack Toolkits and Malicious Websites 8
Faster Proliferation of Attacks
• New exploits are quickly incorporated into kits
• Allows newer attacks to proliferate rapidly so they are seen by more users soon after release
Attack Toolkits and Malicious Websites 9
Faster Proliferation of Attacks
• A single attack kit installed on a popular website can exploit a large number of users in a short period of time
Attack Toolkits and Malicious Websites 10
!
Profitability
• Toolkits are relatively easy to find for purchase through simple Web searches
• Advertisements can be found on the underground economy and Web forums
Attack Toolkits and Malicious Websites 11
Profitability
• Both creators and users of kits profit from them
• Creators profit by selling the kits while users profit through information theft
Attack Toolkits and Malicious Websites 12
Key Facts and Figures
Attack Toolkits and Malicious Websites 13
Malicious Web Pages
• During this reporting period, Symantec observed more than 310,000 unique domains that were found to be malicious
• On average, this resulted in the detection of more than 4.4 million malicious Web pages per month
Attack Toolkits and Malicious Websites 14
Attack Frequency
• Frequency of attacks rises when new exploits are released, then declines over time
• As new kits become well known, sites hosting them are shut down faster and more often
Attack Toolkits and Malicious Websites 15
Malicious Websites by Search Term
• Categories of search terms that led to malicious websites
• Blackhat search engine optimization is often used to lead users to malicious sites through searches
Attack Toolkits and Malicious Websites 16
About the Report
The Symantec Report on Attack Toolkits and Malicious Websites, developed by the company’s Security Technology and Response (STAR) organization, is an in-depth analysis of attack toolkits. The report includes an overview of these kits as well as attack methods, kit types, notable attacks and attack kit evolution. It also includes a discussion of attack kit features, traffic generation and attack kit activity.
Attack Toolkits and Malicious Websites 17