Ever wonder where cyber-criminals get the tools to go after your computer? Not every crook out there is a computer genius who can craft malware or seek out code flaws like HeartBleed. Thieves that break into cars and houses don’t forge their own tools from molten metal. They go to the store just like you or I would for tools. Now, cyber-criminals don’t stroll on down to the hardware store – they take advantage of a massive online marketplace that sells the perfect tools for attacking your computer.
Just like you can log onto our site and order a stylus pen or flash drive, these guys can log onto black market sites and fill up their shopping cart with attack toolkits. Attack toolkits are groups of malicious code. This code allows crooks to steal the information from companies and from you and to take over your computer. They can then use your computer to attack other computers.
Most of this code is written originally to attack business or government computers originally. Big time criminals probably won’t take the time to go after individual home users. But then these guys sell this code to smaller players who have plenty of time to go after the individual.
According to security experts Symantec, “Attack kits are significantly advancing the evolution of cybercrime into a self-sustaining, profitable, and increasingly organized economic model worth millions of dollars.”
More than 60% of web-threats can be traced back to these attack toolkits. And since you don’t really need many computer skills to launch them, it enables more and more criminals to get into the cyber-crime business.
Favorite targets for these toolkits were Microsoft’s Active Template Library Header vulnerability, Adobe Flash Player’s Remote Bugger Overflow and various Apple and Microsoft issues. Tablets and phones are also a new favorite target. The Dendroid kit, clearly advertises what it can get from your phone in the image below.
There’s even a specific search engine just for searching the black market for things like malicious software toolkits as well as drugs and other contraband. Running a search for toolkits, I was able to find offers for a hacking kit and for kit that promises to allow you to set up a fake PayPal account where you can transfer your ill-gotten gains.
Why don’t authorities bust these people? They try, but they have to find them first and many of them are based on servers located in countries that don’t active seek out or prosecute cyber-criminals.
That’s why it’s very important to make sure you run all security updates available for Windows, Flash, Java and other programs and make sure to keep your security and malware software completely up-to-date. There are an ever-growing number of folks who are dedicating their time to finding a way into your computer.