18th October 2015
Threat Spotlight: Cisco Talos Thwarts Access to Massive International Exploit Kit
“Threat spotlight Cisco Talos thwarts access to massive international exploit kit generating 60 million Dollars annually from ransomware alone”.
Cisco Systems’ Talos security unit claims to have severely disrupted the spread of the Angler Exploit Kit, said to be one of the most widely used and effective malware programmes used within the last year. Talos describe Angler Exploit Kit as:
“the most advanced and concerning exploit kit on the market designed to bypass security devices and ultimately attack the largest number of devices possible”. Cisco discovered that “an inordinate number of proxy servers used by Angler were located on servers of service provider Limestone Networks.”
It is thought that one group of hackers was responsible for up to 50% of activity using the Angler Exploit Kit, targeting 90,000 users per day. Of those 90,000 users targeted each day, it was estimated that 40% were infected and 3% ended up paying an average of $300 each as a fee to remove ransomware programmes from their PCs.
Cisco suggest that this single hacking group’s annual revenue from Angler Exploit Kit malware and ransomware could be as high as approximately $34,000,000. Furthermore, they believe this group is responsible for only 50% of the use of the Angler Exploit Kit, and thus the malware may be worth some $60,000,000 in revenue to hackers each year worldwide.
Whilst Cisco’s figures are doubtless the result of a degree of speculation and extrapolation, and cannot therefore be taken as entirely reliable, they do serve to demonstrate that the rewards for sophisticated cyber criminals are potentially huge; the increasingly interconnected world in which we live provides online criminals with an almost limitless pool of potential victims.
The success rate was extremely low, and even those successfully attacked were charged a relatively small amount, on average $300, but it is the sheer number and volume of attempted attacks that are possible that makes this activity such a lucrative scam.