During the last three months of 2015, the Angler exploit kit (EK) improved its dominance as the world’s most popular crime kit, increasing its market share from 30% in Q3 2015 to 56% in Q4 2015.
, we reported that exploit kit usage was divided between four major players: Angler with 30%, Magnitude with 29%, Neutrino with 21%, and Nuclear with 16%.
Now, theis revealing that things took a dramatic turn in the year’s last quarter, and Angler grew to a 56% market share, followed by RIG with 20%, Magnitude with 10%, Nuclear with 8%, and Neutrino decreasing to a meager 4% market share.
Most of the Internet’s cyber-crime infrastructure is hosted in the US
According to Infoblox, nine out of ten of these exploit kits were hosted in just two countries, the US and Germany. The US accounted for 72% of all domains on which exploit kit were installed while Germany accounted for 19.7%.
“It would be a silver lining if US hosting providers were quick to take down malicious content at dangerous domains once they’re identified, but they are not,” said Lars Harvey, vice president of security strategy at Infoblox. “The fact of the matter is that many hosting providers can be slow to respond, allowing exploits to propagate for considerably longer than they should. This should be a key area of focus for improvement.”
No other countries registered above 2%. The only ones that scored above 1% were Turkey with 1.8%, Ireland with 1.79%, Switzerland with 1.27%, and the UK with 1.14%.
In fact, malicious domains, either used for exploit kits, DDoS attacks, or malware C&C servers rebounded in Q4 2015, nearing the record-high levels encountered in Q2 2015.
Using their own internal threat index, Infoblox rated Q4 2015 with a score of 128, second all-time to the record of 133, recorded in Q2 2015. Taking account that malvertising is becoming the go-to method for delivering malware these days, exploit kit usage is expected to rise, along with the number of global malicious domains.