The myth of the elite super hacker is not the reality in the case of all modern IT security attacks. When it comes to basic malware and phishing attacks, the more common culprit is a Web Exploit Toolkit, essentially a packaged application that provides point and click malware vulnerability exploits.
Jason Jones Advanced Security Intelligence Lead at HP DVLabs has been researching these toolkits and presented his findings at the Black Hat conference this week. In an interview with InternetNews, Jones explained that in the last year the Blackhole toolkits have become increasingly popular.
According to Jones, Blackhole has been at the root of numerous high profile breaches over the course of the past year. What has happened is that the successful exploitation ratio started to climb in late 2011 from a range 12 to 14 percent all the way up to 80 percent. The most reliable Blackhole attacks have been Java related exploits. Java is among the most attacked technologies on the web today for one simple reason: many users simply do not update to the latest version of Java when available.
Users not updating software are in fact the root cause for Blackhole’s success on the whole. Jones noted that all of the vulnerabilities included in Blackhole today are known and patched in some way. The Blackhole developers simply found proof of concept code for known vulnerabilities and then weaponized it.