An alarming escalation in the development of security threat tools known as "exploit kits" has been identified in the latest DNS Threat Index report published by security system vendor Infoblox.
Exploit kits, created by experienced hackers (using DNS infrastructure) and then sold to criminals that lack security know-how, vastly increase the number of potential security threats to enterprises, governments and individuals and are "a particularly alarming category of malware because they represent the automation of cybercrime," according to Infoblox Inc. The resulting security attacks are conducted via email or through compromised websites and online adverts.
Exploit kit development activity ramped up by 75% year-on-year in the third quarter of 2015, according to the report, which is based on information collected by cyberthreat intelligence specialist IID. Four such kits -- Angler, Magnitude, Neutrino, and Nuclear -- accounted for 96% of Q3 activity. One recent example was an Angler attack on popular UK newspaper website Daily Mail Online.
The quarterly DNS Threat Index measures the creation of malicious DNS (domain name system) infrastructure, including exploit kits. The Index, which has a baseline of 100 (the average of quarterly results for the years 2013 and 2014), stood at 122 in the third quarter, up 19% from a year earlier and down 8% from a record high of 133 in the previous quarter.
The full Q3 report can be accessed here. For the second-quarter report, see Infoblox DNS Threat Index, 2Q2015 Quarterly Report.
— Ray Le Maistre, Editor-in-Chief, Light Reading