A recent security report emphasizes the growing criminal industry of malware and shows one of the most popular methods for DNS-attacks: the exploit kit.
Perpetrators place exploit kits – digital packages of malware – on DNS-registered domains, where they “lie in wait for users,” according to the Infoblox DNS Threat Index. And the phenomenon is growing.
The Index indicates that cybercriminals who create DNS infrastructure in order to house exploit kits increased their activity in the third quarter by 75 percent from 2014’s third quarter.
Experts warn that the rise of exploit kits “represents the automation of cybercrime.”
Rod Rasmussen, president of the cybersecurity company IID, which collaborated on the Index, said the results demonstrate how this market is maturing.
“We’ve had this proliferation of kits of various types, and over the last couple years, and in particular this last half a year to nine months or so, we’ve seen really what I would call professional software development akin to what you would see in a normal business,” Rasmussen told Channel Partners.
According to the Index, 96 percent of exploit kits are Angler – which is the most popular and is said to have hit the Daily Mail’s website last month – Magnitude, Neutrino and Nuclear.
Craig Sanderson, Infoblox’s senior director of product management, describes the Index’s parameters as more than just a raw number of malicious domains, but a representative sampling.
“There’s a better way of doing it rather than just looking at the raw number of malware domains we know about,” Sanderson said. “Because it fluctuates so quickly, we need to try to provide some sort of reference, so that the customers can understand what this really means to them.”
The index – which has a baseline of 100 – dropped from a record high of 133 in the second quarter to 122 in the third quarter. But for most of 2014, the score was hovering just below 100.
Rasmussen says he hopes the report will raise awareness about exploit kits and help companies find mitigation ideas.
“It’s really important for people to realize that they’re being actively targeted for this kind of stuff right now,” he said.
And what’s going to stop criminals from operating in this malware market?
Rasmussen says law enforcement is on the right track with a strategy that targets the sellers of malware rather than the users.
“They’re basically software shops, so you have to change your tactics and look at creative ways to go after these guys that are providing those kinds of software and services to the people who are actually going out and stealing the money directly,” he said.
Sanderson said there’s opportunity for channel partners to help combat these threats. He said network teams in charge of DNS servers rely on partners and resellers to provide guidance.
“The customers themselves sometimes struggle with implementing the necessary controls, and I think especially when it comes to the reseller channel, there’s a lot of opportunity for channel advisors to add some value and help some of these customers out,” he said.