70 percent of exploit kits come from Russia: Report

A new report suggests that not only are we slow to patch old vulnerabilities, but roughly 70 percent of exploit kits come from Russia.
Written by Charlie Osborne, Contributing Writer

Almost 60 percent of the vulnerabilities in computing systems used by exploit kits are over two years old, and the majority of exploit kit development takes place in Russia, according to a new study by Solutionary's Security Engineering Research Team (SERT).

The research paper (registration required) said that out of 26 exploit kits analyzed by SERT, 70 percent were either released or created in Russia, with China and Brazil the other most popular regions for exploit kit development.

SERT's report also suggested that despite a number of high-profile DDoS attacks--including hits on financial institutions, Wikileaks, and Demonoid--in Q4 2012, there was a slight reduction in reported attacks. Authentication security attacks and the presence of malware increased.

Rob Kraus, SERT's director of research, said:

"The fact that cyber criminals are able to penetrate network defenses by targeting aging vulnerabilities and using old techniques demonstrates that many organizations are still playing catch-up when it comes to cyber security. Tight budgets, inability to convince stakeholders at all levels that security should be a priority, and a shortage of research resources could be among the reasons why many security and risk teams are continuing to operate in reactive mode."

Many organizations are not patching security flaws properly, the report found. A lack of updates means that some of the oldest exploit code found in kits--dating back to 2004 in some cases--can still be used to wreak havoc. However, the security team also found that the popular BlackHole 2.0 kit exploits fewer vulnerabilities in comparison to a number of other kits that are openly available. Phoenix, for example, is the most versatile, being able to exploit 16 percent of all bugs.

Other exploit kits analyzed include Incognito v.2, Sweet Orange, and Eleonore 1.8.91.

In addition, SERT said that the majority of malware--67 percent--is not detected by the majority of anti-virus or anti-malware software, and roughly 30 percent of the samples were traced back to JavaScript malware variants used for redirection, obfuscation, and encryption, which are all used with the BlackHole exploit kit.
