Solutionary Q4 2012 Report: 70% of Exploit Kits Originated in Russia

The security firm has released its Q4 Threat Report

  Solutionary releases its 2012 Q4 Threat Report
Security solutions provider Solutionary has released its Q4 Threat Report, which examines the threat landscape in the last quarter of 2012.

Security solutions provider Solutionary has released its Q4 Threat Report, which examines the threat landscape in the last quarter of 2012.

According to the company, many of the vulnerabilities (58%) targeted by popular exploit kits were more than two years old, which once again demonstrates that most users and organizations continue to neglect the importance of patches and security updates.

Interestingly, 70% of the exploit kits used in the fourth quarter of 2012 were actually released or developed in Russia.

Exploit kits such as Cool and Sweet Orange became more popular among cybercriminals at the end of 2012 but, according to Solutionary, BlackHole is still the most often used exploit kit.

“Exploit kits largely focus on targeting end-user applications. As a result, it is vital that organizations pay close attention to patch management and endpoint security controls in order to significantly decrease the likelihood of compromise,” said Rob Kraus, SERT director of research.

While web application and malware security incidences recorded a slight increase, on the positive side, the volume of distributed denial-of-service (DDOS) attack-related activity decreased.

“The fact that cyber criminals are able to penetrate network defenses by targeting aging vulnerabilities and using old techniques demonstrates that many organizations are still playing catch-up when it comes to cyber security,” Kraus explained.

“Tight budgets, inability to convince stakeholders at all levels that security should be a priority, and a shortage of research resources could be among the reasons why many security and risk teams are continuing to operate in reactive mode,” he added.

“By partnering with us, our customers are able to cost-effectively leverage our research and security expertise to drive security into the corporate priority stack, significantly strengthen their cyber defenses, and stay a step ahead of existing and emerging threats.”

The complete 2012 Q4 Threat Report is available here.

Comments