An increasingly elusive and sophisticated class of online attack kits is posing a far greater threat to enterprises than most realise, according to researchers with HP.
Jason Jones, an ASI team lead for HP's DV Labs security division, told V3 that exploit tools, such as the Blackhole platform, are becoming harder to track and detect for security researchers and anti-malware vendors.
In some cases, researchers are finding attacks capable of infecting as much as 80 per cent of the systems targeted.
"They are able to hide the exploit code from detection while its passing over the wire," Jones explained.
Further complicating matters, said Jones, was the growing complexity and sophistication of the malware market. As cybercriminals invest more money in attack kits, the malware developers are able to provide improved management and support systems, such as regular software updates, analytics and web management portals.
The growth is occurring at a time when many firms are preoccupied with the growth in advanced persistent threat (APT) attacks. With incidents such as the Shady RAT and Flame outbreaks dominating headlines,
Jones believes that by fixating on APTs and zero-day attacks, many firms are leaving themselves open to infections from the far more prevalent crop of web-based exploit kits.
IT chiefs often worry about the threat of so-called zero-day attacks but forget to install patches for known vulnerabilities, leaving them at far greater risk of attack, he said.
"Making sure you are patched first and then worrying about the unknown would be a better mindset."
British Airways blames 'global systems outage' for IT meltdown
Mark Zuckerberg mercilessly trolled by Harvard student newspaper after return to university he dropped out of 12 years ago
'Unauthorised user' blamed by Harvard for insulting Mark Zoinkerberg
Android under attack from 'Judy', Google Play Store malware that has infected up to 36.5 million users
Yet more Android malware discovered on the Google Play Store
Airport believes new system will be more reliable than GPS or Google Maps