Symantec has released a new report on attack toolkits and their increasing use for creating DIY malware. Since attack toolkits can be used by novices and experts alike the new report has found that these DIY malware kits are now being used by more traditional criminals to create new waves of organized cybercrime.
As an example, the Symantec point to the case of the ZeuS attack kit which steals bank account credentials. In September 2010 police broke a ring of cybercriminals who, it is alleged, used a ZeuS botnet in the theft of more than $70 million from online banking and trading accounts over an 18-month period.
Other popular packs include MPack, Neosploit, ZeuS, Nukesploit P4ck, and Phoenix. The increased popularity of these attack kits has spawned an underground economy in the buying and selling of these suites. For example in 2006, WebAttacker, a popular attack toolkit, sold for $15 on the underground economy. In 2010, ZeuS 2.0 has been advertised for up to $8,000.
“In the past, hackers had to create their own threats from scratch. This complex process limited the number of attackers to a small pool of highly skilled cybercriminals,” said Stephen Trilling, senior vice president, Symantec Security Technology and Response. “Today’s attack toolkits make it relatively easy for even a malicious novice to launch a cyberattack. As a result, we expect to see even more criminal activity in this area and a higher likelihood that the average user will be victimized.”
The prediction for 2011 is that as more and more traditional criminals enter the foray the number of attacks will increase.