New Websense Research- Exploit Kits “Lacking P(a)unch”

The Websense Security Labs have found that over the past two months, the criminal gangs that were using malicious email redirecting to the BlackHole exploit kit have made major changes to their tactics, techniques, and procedures, providing some interesting insights into the financially motivated cybercriminal community.

Alexander Watson, Security Research Director, Websense has made the following comments:

“In the research blog, we show evidence after Paunch’s arrest of a popular criminal gang experimenting with the Magnitude exploit kit and then reverting back to less sophisticated methods of malware delivery, such as using direct attachments. This shift indicates that either Magnitude was not working out from a business or technology perspective by the cyber-criminal gang.

Another interesting angle is that with no clear successor to Blackhole, cyber-criminal gangs may be investing in other places to make up for the lost income due to less sophisticated delivery mechanisms for malware. This could include more advanced or effective ransomware, such as CryptoLocker and Browlock or more aggressive installations of malware on compromised computers.

As we noted in our 2014 predictions, we believe that in the next months there will be a return to URL based email attacks utilising exploit kits that offer “malware as a service” on a larger scale. The use of exploit kits is simply a more effective delivery mechanism- especially with an increasingly security aware target audience.”

You can read the full blog post about this here.