SecurityWeek

RIG Grabs 35% of Exploit Kit Market in December

The RIG exploit kit (EK) managed to grab nearly 35% of the overall EK activity during the last month of 2016, retaining the leading spot in the landscape for the fourth month in a row, Symantec reports.

RIG first emerged on cybercrime forums in April 2014, but made it to the headlines only a couple of months later, when it started delivering the CryptoWall file-encrypting ransomware. RIG has been used in various campaigns over the years, and even had its source code leaked online in February 2015.

Despite its success, the EK didn’t make it to the top of the charts until June 2016, when the Angler EK disappeared, leaving a void that other EKs have been trying to fill ever since. Even then, RIG was trailing Neutrino, but Neutrino disappeared last September, when RIG started replacing it in various malicious campaigns.

Now, it appears that RIG has not only secured the top position in the EK market, but also has no worthy rival. According to Symantec, while RIG accounted for 34.8% of all EK activity in December, the runner-up was the Fiesta EK, with only 4.2% of that activity. Magnitude came in third with only 3.2%.

Changes in the EK landscape have been small over the past few months, with worthy mentions being the disappearance of Neutrino in September, Fiesta pushing Magnitude to the third position in November, and the appearance of a new exploit kit called Stegano in December. Similar to a recent variant of Sundown, Stegano uses steganography to hide code in other types of data, mainly images.

While things remained unchanged in the EK area, the number of daily web attacks blocked by Symantec went up by roughly 33% in December. The security company blocked 388,000 such attacks per day during the last month, a significant increase compared to the 291,000 attacks per day it blocked in November.

The number of new malware variants seen in December, however, dropped significantly: it reached 19.5 million, down from 71.2 million in November. The level was the lowest registered since last July, and Symantec suggests that a decline in the activity surrounding the Kovter family of threats might have been responsible for it.

One of the most important incidents last month was the return of the infamous disk-wiping malware Shamoon, which resurfaced in a fresh wave of attacks against new targets in Saudi Arabia. Also worth mentioning is the arrest of the cybercriminals behind the Bayrob malware.

While the spam rate dropped to 54.2 percent in December, the construction sector, which was hit the most, experienced a 2.1 percentage point increase, reaching a 63.3% spam rate. New spam techniques such as hailstorms were seen distributing a variety of threats, including the Dridex and Locky families of malware.

The phishing rate decreased to one in 3,357 emails last month, with the mining sector registering a significant improvement in this regard: phishing activity declined from one in 972 emails in November to one in 5,423 in December. While organizations with 1,001-1,500 employees registered the highest spam rates, phishing targeted mainly businesses with 1-250 employees.

While no new Android malware family was discovered in December, the month brought to the spotlight another issue when the firmware of around 30 phone models was found to include built-in software that downloads adware and potentially unwanted apps.

Written By

Ionut Arghire is an international correspondent for SecurityWeek.
