By now you may have heard the news that several U.S. Treasury websites were hacked, involving an attack site in Ukraine. However, as Roger Thompson, chief research officer at AVG, pointed out, even though the Treasury Department was quick to respond, the cleanup was not as easy as expected.
According to InformationWeek writer J. Nicholas Hoover:
Cisco's ScanSafe tracked the attack to a Web site that attempts to exploit numerous vulnerabilities in Adobe Reader, Adobe Acrobat, Internet Explorer, Microsoft Office, Symantec AppStream, and other applications, and said that the malicious site has targeted sites hosted by Network Solutions and GoDaddy.
Hoover also speculated that the attacks will raise concerns about federal agencies using third-party service providers. And it is a legitimate concern, as cheap or free website hosting that can be anonymous is a lure for cyber criminals.https://o1.qnsr.com/log/p.gif?;n=203;c=204663295;s=11915;x=7936;f=201904081034270;u=j;z=TIMESTAMP;a=20410779;e=i
According to Bradley Anstis, VP of technology strategy at M86 Security, this type of attack isn't unusual. He said:
These exploit kits just make it easier and inexpensive for cybercriminals to craft these kinds of attacks. Hackers don't have to know how to write code, they just need very basic knowledge of technology like PHP and MySQL to set up these exploit kits. Most sell in the $400-$1,000 USD range, with some selling for as little as $100 USD. Additionally, traditional Web Filtering with static lists would not have flagged the sites as malicious because they are legitimate, government websites that were compromised. AV signatures barely scratched the surface here. A single-solution approach is no longer feasible in today's threat landscape. A multi-layered approach is the best solution for dealing with today's constantly evolving threats.
In a report released by M86 Security, there has been an increase in exploit kits such as the one used in the Treasury attack, and the reason isn't hard to understand:
The main motivation driving the cyber crime industry is the possibility of monetary gain. Cybercriminals find it easier, faster and more cost effective to make money by buying exploits rather than taking the time to create exploits themselves. The demand for these types of tools drives opportunities. Savvy, knowledgeable individuals with skills in developing Web applications and basic knowledge in hacking have filled a niche by creating exploit kits.