Symantec's report on attack toolkits and malicious websites reveals that as attack kits become more accessible and relatively easier to use, they are being utilized much more widely. This has attracted traditional criminals who would otherwise lack the technical expertise into cybercrime, fueling a self-sustaining, profitable, and increasingly organized global economy.
2. Global Intelligence Network
Identifies more threats, takes action faster & prevents impact
• Calgary, Alberta; Dublin, Ireland; Tokyo, Japan; San Francisco, CA; Mountain View, CA; Austin, TX; Chengdu, China; Culver City, CA; Taipei, Taiwan; Chennai, India; Pune, India
• Worldwide Coverage; Global Scope and Scale; 24x7 Event Logging; Rapid Detection
• Attack Activity: 240,000 sensors; 200+ countries
• Malware Intelligence: 133M client, server, gateways monitored; Global coverage
• Vulnerabilities: 35,000+ vulnerabilities; 11,000 vendors; 80,000 technologies
• Spam/Phishing: 5M decoy accounts; 8B+ email messages/day; 1B+ web requests/day
• Preemptive Security Alerts; Information Protection; Threat Triggered Actions
Attack Toolkits and Malicious Websites 2
3. Attack Toolkits and Malicious Websites – Report Details
4. Accessibility
• Attack kits allow unskilled attackers to enter the market with
sophisticated tools
• Attack kits feature easy-to-use, icon-driven GUIs that include
checkboxes and pull-down menus
5. Accessibility
• Centralized administrative interfaces provide easy access to
various toolkit functions
• The increasing sophistication and “user-friendly” features are
further evidence of the increasing organization and profitability
of the underground economy
6. Ease of Use
• Statistics and information on compromised hosts can be
gathered for further use
• Tasks can now easily be done with a few clicks of the mouse
7. Ease of Use
• Complex exploits are simplified for the toolkit user.
8. Increased Utilization
• Toolkits account for nearly two-thirds of all threat activity on
malicious websites
• As kits become more robust and easier to use, this number will
likely climb
9. Faster Proliferation of Attacks
• New exploits are quickly incorporated into kits
• Allows newer attacks to proliferate rapidly so they are seen by
more users soon after release
10. Faster Proliferation of Attacks
• A single attack kit installed on a popular website can exploit a
large number of users in a short period of time
11. Profitability
• Toolkits are relatively easy to find for purchase through simple
Web searches
• Advertisements can be found on the underground economy and
Web forums
12. Profitability
• Both creators and users of kits profit from them
• Creators profit by selling the kits while users profit through
information theft
13. Key Facts and Figures
14. Malicious Web Pages
• During this reporting period, Symantec observed more than
310,000 unique domains that were found to be malicious
• On average, this resulted in the detection of more than 4.4
million malicious Web pages per month
15. Attack Frequency
• Frequency of attacks rises when new exploits are released, then
declines over time
• As new kits become well known, sites hosting them are shut
down faster and more often
16. Malicious Websites by Search Term
• Categories of search terms that led to malicious websites
• Blackhat search engine optimization is often used to lead users
to malicious sites through searches
17. About the Report
The Symantec Report on Attack Toolkits and Malicious Websites,
developed by the company’s Security Technology and Response
(STAR) organization, is an in-depth analysis of attack toolkits. The
report includes an overview of these kits as well as attack
methods, kit types, notable attacks and attack kit evolution. It
also includes a discussion of attack kit features, traffic generation
and attack kit activity.