What to Expect from Toolkits and Exploit Kits this 2013
As profit remains the main driver of these threats, cybercriminals will continue to implement new features to increase profit and new countermeasures to protect their investment by keeping security researchers in the dark. So far, the following notorious crimeware underwent some noteworthy changes.
ZeuS. Though last updated around more than 2 years ago, ZeuS remains popular among cybecriminals due to its reliability. Because it was coded well, cybercriminals continue to earn money from this toolkit and evade law enforcement.
Spyeye. Initially deemed as ZeuS’ rival, SpyEye’s creator Gribodemon offered the toolkit as an alternative while providing support to existing ZeuS customers. Since its debut in 2009, it underwent several improvements until its creator disappeared sometime in 2010.
Citadel and Ice IX. Both are considered by products of ZeuS, however each of these toolkits present certain improvements. Citadel contains more user-friendly control panel, while Ice IX is supposedly protected against trackers.
Blackhole exploit kits. Known to distribute malware by exploiting known software vulnerabilities, the stealthier version of Blackhole Exploit Kit was recently released. To avoid detection, its creator Paunch does not directly provide the kit, but instead installed in a web server somewhere that is connected to a database for logging and reporting.
Toolkits and exploit kits are entering a new era armed with new business models, customer interaction and ways to communicate. The number of these kits is probably going to increase in the next few years and will incorporate more functionality like rootkit functionality.
These kits will also likely to be more robust, reliable and harder to detect. The current life cycle for a kit is around 2 or 3 years, we should then expect a new wave of new kits anytime soon as we are already seeing some new kits popping up such as Red Kit, Sweet Orange, CritXPack and Cool ExploitKit.
For convenience, we are also expecting that cybercriminals are likely to focus on developing toolkits as opposed to creating new malware. To know more about crimeware and how it evolved, you may read our research paper The Crimeware Evolution.
In our Threat Security 2013, we are anticipating conventional malware threats to steadily evolve, though focusing more on how to reach their victims unnoticed by security researchers. To know more about our other predictions for 2013 and beyond, you may read Security Threats to Business, the Digital Lifestyle, and the Cloud.