Solutionary Hints Intention behind Exploit Kits
The motive behind designing automated toolkits is to carry out widespread attacks, which are targeted to outdated vulnerabilities. However, according to the Q4 analysis issued by Solutionary's Security Engineering Research Team (SERT), an Omaha, Nebraska-based managed security services provider, a number of companies lack in deploying proper patches to repair them.
The Company report also claimed that about 58% of the vulnerabilities targeted by popular exploit kits was more than 2-years old, once again indicating the wide scale of negligence among the users and organizations in ignoring the importance of patches and security updates.
Interestingly, 70% of the exploit kits revealed in the Q4 of 2012 were actually published or developed in Russia.
Exploit kits e.g. cool and sweet orange became more famous along with cybercriminals at the end of 2012 but, as per the Solutionary, Blackhole is still the most frequently employed exploit kit.
Solutionary revealed that Blackhole 2.0, despite titled as the most often used exploit kit based on volume, aimed at less vulnerabilities than other exploit kits.
Phoenix, the most versatile, favors almost 16% of all the vulnerabilities being exploited.
Exploit kits to a large extent are focused on targeting end-user applications. As such, it is important that organizations become more attentive towards patch management and endpoint security controls so that there is a significant decline in the likelihood of vulnerabilities, as per Rob Kraus, SERT Director of Research said in a statement published by softpedia.com on January 23, 2013.
Though there is a surprising decrease in the number of Distributed Denial of Service (DDoS) attacks during Q4, SERT revealed that Web application and malware security incidences increased by 8%. This however is indicative of the shift among cybercriminals from attacking retail sites to directly targeting consumers with social-engineering attacks employing subjects like Hurricane Sandy in order to grab attention.
Related article: Solution From Outsiders for Microsoft’s Flaw
» SPAMfighter News - 29-01-2013