Cybercrime is becoming more accessible to a wider audience, increasing the odds that the average user will be victimised.
An attack toolkit is a software program that’s used to launch widespread attacks on networked computers. They include options to customise threats and evade detection, as well as to automate the attack process. And as attack kits become easier to use, they become a new option for traditional criminals who, a few years ago, would have lacked the knowhow to use them for cybercrime. Internet security firm Symantec says these kits are now used in the majority of malicious internet attacks.
One major-known kit, ‘ZeuS’, targets small businesses as they usually have fewer safeguards in place to block out such attacks. Its main use is to steal bank account details and last September a cyber criminal ring was shut down after it stole around US$70 million from businesses over an 18-month period.
The more profitable something becomes, the more popular it becomes and this has led to the kits becoming increasingly robust and sophisticated.
They are even sold on a subscription-based model with regular updates, just like your legal internet security package.
Perhaps the most worrying aspect of all this though is the fact that as the attack kits become easier to use, cybercrime opens up to the more traditional type of crook. Cybercriminals no longer need advanced programming skills or insider knowledge; they just need basic computer skills. It does help though if you have previous expertise in traditional criminal activities such as money laundering though. Symantec says that this larger pool of criminals entering the scene will lead to an increase in the number of attacks.
"In the past, hackers had to create their own threats from scratch,” said Symantec’s Stephen Trilling, VP of Security Technology and Response. "This complex process limited the number of attackers to a small pool of highly skilled cybercriminals. Today’s attack toolkits make it relatively easy for even a malicious novice to launch a cyberattack. As a result, we expect to see even more criminal activity in this area and a higher likelihood that the average user will be victimised.”