Solutionary Hints Intention behind Exploit KitsThe motive behind designing automated toolkits is to carry out widespread attacks, which are targeted to outdated vulnerabilities. However, according to the Q4 analysis issued by Solutionary's Security Engineering Research Team (SERT), an Omaha, Nebraska-based managed security services provider, a number of companies lack in deploying proper patches to repair them. The Company report also claimed that about 58% of the vulnerabilities targeted by popular exploit kits was more than 2-years old, once again indicating the wide scale of negligence among the users and organizations in ignoring the importance of patches and security updates. Interestingly, 70% of the exploit kits revealed in the Q4 of 2012 were actually published or developed in Russia. Exploit kits e.g. cool and sweet orange became more famous along with cybercriminals at the end of 2012 but, as per the Solutionary, Blackhole is still the most frequently employed exploit kit. Solutionary revealed that Blackhole 2.0, despite titled as the most often used exploit kit based on volume, aimed at less vulnerabilities than other exploit kits. Phoenix, the most versatile, favors almost 16% of all the vulnerabilities being exploited. Exploit kits to a large extent are focused on targeting end-user applications. As such, it is important that organizations become more attentive towards patch management and endpoint security controls so that there is a significant decline in the likelihood of vulnerabilities, as per Rob Kraus, SERT Director of Research said in a statement published by softpedia.com on January 23, 2013. Though there is a surprising decrease in the number of Distributed Denial of Service (DDoS) attacks during Q4, SERT revealed that Web application and malware security incidences increased by 8%. This however is indicative of the shift among cybercriminals from attacking retail sites to directly targeting consumers with social-engineering attacks employing subjects like Hurricane Sandy in order to grab attention. The majority of anti-virus or anti-malware software, about 67% SERT is not been identified by the majority of malware anti-virus or anti-malware software. Approximately, 30% of the samples were however traced back to JavaScript malware variants that were employed with a purpose of redirection, un-necessary confusion, and encryption that are all associated with the BlackHole exploit kit. Related article: Solution From Outsiders for Microsoft’s Flaw » SPAMfighter News - 1/29/2013 |
Dear Reader
We are happy to see you are reading our IT Security News.
We do believe, that the foundation for a good work environment starts with fast, secure and high performing computers. If you agree, then you should take a look at our Business Solutions to Spam Filter & Antivirus for even the latest version of Exchange Servers - your colleagues will appreciate it!