Attack Toolkits Developed For Crime Leave Organizations Open To More Attacks

By Author: EC-COUNCIL
Total Articles: 68
Comment this article

Most toolkits are malicious, developed as a form to commit an actual crime. About two-thirds of malicious Web activity can be traced back to botnets and exploit code built using popular attack toolkits sold in the underground economy, according to a new Symantec report. Kevin Haley, director of Symantec Security Response, says "We believe the tremendous growth of malware we've seen in the last two years is driven by these toolkits,"
MPack (48%), NeoSploit (31%) and ZeuS (19%) are the top three most popular attack toolkits in terms of malicious web activity. According to the Symantec report, which covers June 2009 through July 2010, the notorious software was used in botnet form to steal financial data and execute fraudulent transactions. A botnet is a collection of software agents, or robots, that run autonomously and automatically. Nowadays, the term is more commonly associated with malicious software.
These toolkits make it fairly easy for anyone to get into crimes. Those crimes include everything from running botnets for spam, financial crime and denial-of-service attacks to just the process of compromising ...
... PCs with malicious trojans through Web drive-by downloads, usually from legal websites that have been compromised.
Most repeatedly exploited by these attack toolkits were Microsoft Active Template Library Header Data Remote Code Execution Vulnerability, Adobe Flash Player Multimedia File Remote Bugger Overflow Vulnerability, and Microsoft Windows Media Player Plug-in Buffer Overflow Vulnerability with many other Microsoft and Apple protocols also popular.
Types of sites that are most likely to be loaded up with malware are popular adult entertainment and video sreaming websites, along with their misspelled-typo equivalents. Cyber criminals know what people are searching for.
In general, Symantec's research indicates that attack toolkit developers don't particularly scramble to get new vulnerabilities into their attack code, nor do they aim to incorporate zero-day attacks, despite what they say to the contrary. Thus, IT security vendors, has to explore into the world of attack toolkits since so many security countermeasures, have to be designed based on what the crime world's software developers do. Haley says to his knowledge it's not illegal to develop attack toolkits, just to use them in some form to commit an actual crime.
With attacks toolkits becoming increasingly available, software upgrades that enhance business productivity are also leaving organizations open to new attacks. Organizations need to emphasize the need for highly skilled IT professionals who can provide protection against the proliferating variants of malware generated by the attack toolkits in the hands of cybercriminals. It does not help if the IT professional working for the organization being attacked is not highly knowledgeable in the latest hacking techniques. To be hacker you must think like one.
IT Professionals can learn how to do all these and more in EC-Council’s Certified Ethical Hacker information security training. Specifically, the Certified Ethical Hacker program is required for the US Department of Defense’s (DoD) computer network defenders (CND's), a specialized personnel classification within the DoD's information assurance workforce. This qualification tests the certification holder's knowledge in the mindset, tools and techniques of a hacker. IT professionals may also attend the world renowned hacker conference , Hacker Halted.
Hacker Halted USA 2011, the annual IT security conference hosted by the EC-Council, will take place October 21 - 27 in Miami, Florida. It is the premier information security conference in the US, which aims to provide security professionals with the necessary skills and knowledge to protect their security systems from malicious attacks. It is slated to be the world’s largest reunion of Certified Ethical Hackers to date..

ABOUT EC-COUNCIL:
EC-Council is a member-based organization that certifies individuals in various e-business and security skills. It is the owner and developer of the world famous Certified Ethical Hacker (CEH) course, Computer Hacking Forensics Investigator (CHFI) program, License Penetration Tester (LPT) program and various other programs offered in over 60 countries around the globe. EC-Council is also the organizer of world renowned Hacker Halted IT security conference series. This year’s hacker conference will be held in Miami, and is the ultimate white hat hacker con in the US. Hacker Halted is considered as one of the world’s largest information security conference .