The arrest of masterhacker ‘Paunch’ has led to cybercriminals to revert to less sophisticated methods of Malware delivery, including exploit kits offering large scale Malware-as-a-Service.
Websense security research director, Alexander Watson, said the aftermath of ‘Paunch’s’ arrest by Russian police had led to a trend involving criminal groups, who were former users of Blackhole, experimenting with different tactics such as the up and coming Magnitude Exploit kit, social engineering techniques and direct attachments.
“In the research blog, we show evidence after Paunch’s arrest of a popular criminal gang experimenting with the Magnitude exploit kit and then reverting back to less sophisticated methods of malware delivery, such as using direct attachments,” he said.
“This shift indicates that either Magnitude was not working out from a business or technology perspective by the cyber-criminal gang.
Watson said another interesting angle was that with no clear successor to Blackhole, cyber-criminal gangs may be investing in other places to make up for the lost income due to less sophisticated delivery mechanisms for malware.
“This could include more advanced or effective ransomware, such as CryptoLocker and Browlock or more aggressive installations of malware on compromised computers,” he said.
“As we noted in our 2014 predictions, we believe that in the next months there will be a return to URL based email attacks utilizing exploit kits that offer ‘malware as a service’ on a larger scale.
“The use of exploit kits is simply a more effective delivery mechanism- especially with an increasingly security aware target audience.”