James Lyne of Sophos gives us a demonstration of how an exploit kit operates and reveals what kind of techniques and information cybercriminals are using to infect computers.

Cybercriminals are as organized and industrious as any legitimate business. Case in point: exploit kits, also known as crimepacks, which bad guys can purchase and which make infecting computers with malware as simple as point and click. The software, often available for purchase for only a few hundred dollars, also gives the criminal comprehensive, real-time information about the machines it has impacted.

With an exploit kit, criminals can “get new malware, infect web sites, build business intelligence and manage an overall malicious campaign,” according to James Lyne, director of technology strategy for security firm Sophos.

In this video, Lyne walked us through the dashboard of a crimepack that has been around for several years called IcePack, and gave an overview of how the exploit works and the information contained in the reporting interfaces. Lyne notes the kit reveals just how crafty criminals have become in covering their tracks, too.

“If I try to access this campaign again for a second time, I am automatically redirected to a URL that doesn't exist,” he explained. “The bad guys have black-holed me so I can no longer get new copies of the malware and it is therefore hard to get information about their campaign.”

Much like the blacklists used by antivirus software makers, criminals are creating what Lyne calls “good-guy blacklists,” to keep security vendors and analysts at bay. “The techniques we're using against them in 2011 and 212, they are using back against us,” he said.