Security Strategies

'Exploit Kit' Security Threats on the Rise, Warns Infoblox

An alarming escalation in the development of security threat tools known as "exploit kits" has been identified in the latest DNS Threat Index report published by security system vendor Infoblox.

Exploit kits, created by experienced hackers (using DNS infrastructure) and then sold to criminals that lack security know-how, vastly increase the number of potential security threats to enterprises, governments and individuals and are "a particularly alarming category of malware because they represent the automation of cybercrime," according to Infoblox Inc. The resulting security attacks are conducted via email or through compromised websites and online adverts.


Exploit kit development activity ramped up by 75% year-on-year in the third quarter of 2015, according to the report, which is based on information collected by cyberthreat intelligence specialist IID. Four such kits -- Angler, Magnitude, Neutrino, and Nuclear -- accounted for 96% of Q3 activity. One recent example was an Angler attack on popular UK newspaper website Daily Mail Online.

Source: Infoblox DNS Threat Index Q3 2015

The quarterly DNS Threat Index measures the creation of malicious DNS (domain name system) infrastructure, including exploit kits. The Index, which has a baseline of 100 (the average of quarterly results for the years 2013 and 2014), stood at 122 in the third quarter, up 19% from a year earlier and down 8% from a record high of 133 in the previous quarter.

Source: Infoblox DNS Threat Index Q3 2015

The full Q3 report can be accessed here. For the second-quarter report, see Infoblox DNS Threat Index, 2Q2015 Quarterly Report.

— Ray Le Maistre, Editor-in-Chief, Light Reading

[email protected] 11/18/2015 | 10:32:25 AM
All the more reason...
All the more reason for network operators to be introducing managed security services that can counter and deal with these growing threats, right?

[email protected] 11/18/2015 | 10:31:15 AM
Re: How's the transaction handled?
Dark alleys indeed, but all in cybertown - this is global cybertrade and I'm sure anyone who wanted to go looking hard enough would be able to find a 'dealer' -- but that's not recommended for anyone I'd say.

msilbey 11/18/2015 | 8:34:53 AM
How's the transaction handled?
I'm very curious about how these exploit kits get sold and more interestingly, delivered. I'm picturing dark alleyway meet-ups with the exchange of cash for a flash drive. Or is there a way to share these kits online?