Business must guard against increased toolkit attacks, warns Symantec

Software sold to allow the user to mount malicious internet attacks are attracting more criminals to cybercrime, according to a study by security firm Symantec.


Software tool-kits designed to deploy attacks

Software sold to allow the user to mount malicious internet attacks are attracting more criminals to cybercrime, according to a study by security firm Symantec.

These "attack kits" are becoming more accessible and easier to use, Symantec has revealed.

Attack kits are used in most malicious internet attacks, according to Symantec's report on Attack Toolkits and Malicious Websites.

The kits are software programs used by novices and experts alike to carry out, automate and customise widespread attacks on networked computers.

Increasingly robust kits are sold on a subscription basis with regular updates and support services, the report said.


Defend your business against tool-kit attack

Symantec expects this larger pool of criminals will increase the number of attacks.

Patrick Fitzgerald, security response specialist at Symantec, said information security professionals at business organisations need to be aware of this important change.

"Education is the best form of defence, and an analysis of these kits will help identify what type of attack techniques to protect against," he said.

Javascript techniques, for example, are commonly used, and simply by blocking Javascript execution, organisations can mitigate against many techniques used by these toolkits.

"Many of the techniques grouped together by these kits have been known for some time, so it is vital for organisations to implement a comprehensive security policy based on known threats," said Fitzgerald.


Establish a clear web-use policy to control video content

A comprehensive and clear web-use policy is also very important, he said, as the study shows that the majority of computers being infected via web-based attacks are the result of users searching for video-based content.

"Organisations need to guard against computers being infected in the home environment and then passing that infection on to the corporate network," said Fitzgerald.

The study found 65% of computer infections occurred as a result of searches for video-based content. Of these, 44% were for adult entertainment sites and 21% for generic video streaming content.

Infections associated with video searches dwarfed other search terms that people commonly use, such as for social networking (3%), games (3%), music (2%) and celebrities (1%).

The findings are a clear warning that users searching for online video content at home or at work run the real risk of computer infections, the report said.

Video is attractive to attackers because of the very large base of users and the fact that visitors to these sites are more likely to have multimedia player plug-ins installed, which make them more vulnerable to attackers' toolkit exploits and increase the chance of attacks being successful, the report said.

Organisations should create policies to limit the use of browser software and browser plug-ins not required for business use, Symantec said.


Slideshow: Attack toolkits and malicious websites

Attack Toolkits and Malicious Websites
View more presentations from Symantec.

Read more on IT risk management