The past few months , Exploit tools are busy .
First, last September , The researchers detected a blackmail attack . Attackers exploit expired content management systems （CMS）, Redirect the user to a computer with Neutrino Vulnerability kits and Teslacrypt The malicious domain name of blackmail software .
And then two months later , Researchers have found another wave of blackmail software attacks . This time, , The attacker used Angler and Cryptowall 4.0. Then in 2016 year ,Neutrino and RIG New attack strategies have been developed 、 Attack payloads and behind the scenes servers , But it's taken for granted .
All of the above activities mean , Vulnerability exploitation package is the main force behind the rise of cyber crime . It should be noted that , Vulnerability packages are now used by more than just individual criminals . at present , burgeoning “ Malware as a service ” This model can help individuals who lack technical experience to buy or rent Angler、Neutrino、RIG And so on .
There is no doubt that the development of the above business model will promote the active development of the vulnerability toolkit market . The market is booming in the past few years , It will continue to grow rapidly in the foreseeable future .
To address the challenge of exploit packages , It has to be understood more deeply “ Exploit as a service ” Model .Heimdal Security I recently posted a blog , The reasons for the rise of the business model are discussed .
The answer comes down to the following four elements ：
#1. Easy to use
One of the main selling points of the exploit toolkit is ease of use . Everything's pre coded , Customers can integrate embedded console and user-friendly Web Interface used in combination , Plan the cyber attacks you need .
occasionally , If the user is really in trouble , They can also choose to contact a technical support representative , Get help with vulnerability package configuration , Or enable more advanced features .
#2. Cost performance
The second reason behind the rise of the exploits as a service business model is its propaganda . Most of the vulnerability kits have two sales models: buy out and rent out , This can maximize the satisfaction of cyber criminals with different consumption capacities . Besides , They can also stably transmit network traffic to infected websites .
This ensures that consumers can exchange low investment for excellent return on investment , If they use Angler 、Neutrino And so on , The pay will be more substantial . Besides , Many vulnerability packages have the function of charging as soon as they are installed , Consumers can only pay for successful infections , Further reduce the cost of attack .
Vulnerability toolkit as a service also provides a strong flexibility for attackers . Most vulnerability toolkits come with multiple configuration modes and plug-ins , Attackers can even choose homemade malware as the main attack payload , Very customizable .
So consumers have a lot of choices . They can use blackmail software to lock down the device the victim is using 、 Steal personal information with bank Trojan horse 、 Let infected devices join the botnet , Or launch a targeted attack .
Every exploit package has built-in information about Adobe Flash、Web Vulnerabilities in browsers and other applications , This gives them the full capacity to do that .
#4. The hidden
If you package the exploit tool , It means less exposure . therefore , Most vulnerability packages come with a variety of ways to avoid traditional anti-virus software detection . For example, using polymorphic drips 、 Change the malicious code on the target device every day 、 Using bitcoin as a means of payment, etc .
Easy to use 、 Cost performance 、 Flexibility and concealment , Vulnerability package as a service will continue to attract cyber criminals in the future .