Most exploit kits originated in Russia, say researchers

58 percent of the vulnerabilities targeted by the most popular exploit kits in Q4 were more than two years old and 70 percent of exploit kits reviewed were released or developed in Russia, reveals Solutionary SERT’s Q4 2012 Quarterly Research Report.

In reviewing 26 commonly used exploit kits, SERT identified exploit code dating as far back as 2004, serving as evidence that old vulnerabilities continue to prove fruitful for cyber criminals. The fact that 58 percent of the vulnerabilities exploited are over two years old further supports SERT findings that the number of newly discovered and disclosed vulnerabilities has declined since 2010.

The report also revealed that BlackHole 2.0 was the most often-used exploit kit; that Phoenix 3.1 supports the most vulnerabilities, approximately 9 percent; and that a large number of exploit kits have been developed and distributed in Eastern Europe, with 70 percent coming from Russia, followed by China and Brazil.

While DDoS attacks surprisingly decreased during Q4, SERT found that Web application and malware security incidences increased 8 percent. This signals that cyber criminals seem to be shifting from attacking retail sites to directly targeting consumers with social-engineering attacks, using subjects such as Hurricane Sandy to grab attention.

Research also revealed that anti-virus and anti-malware software cannot detect 67 percent of malware being distributed and that 30 percent of the malware samples studied traced back to JavaScript malware variants used for redirection, obfuscation and encryption, all used in the BlackHole exploit kit. Furthermore, the report showed that 18 percent of the malware samples studied by SERT were directly attributed to BlackHole.

“The fact that cyber criminals are able to penetrate network defenses by targeting aging vulnerabilities and using old techniques demonstrates that many organizations are still playing catch-up when it comes to cyber security. Tight budgets, inability to convince stakeholders at all levels that security should be a priority, and a shortage of research resources could be among the reasons why many security and risk teams are continuing to operate in reactive mode,” said Rob Kraus, SERT director of research.

For more details, download the report here (registration required).

Don't miss