Exploits come in waves followed by periods of quiet. A new wave of attacks is in the works, says Exploit Prevention Labs.
Cybercriminals are laying the foundation for another round of attacks, a security researcher warned Tuesday, but they're keeping their heads down in the meantime.
"The exploit underworld is characterized by manic flurries of activity accompanying new attacks, followed by periods of quiet," said Roger Thompson, Exploit Prevention Labs' chief technology officer, in an e-mail. "Consequently, following their successful [Internet Explorer] VML exploit in September, we believe [they're] now laying the groundwork for a new round of attacks."
Thompson's October exploit survey, a monthly status update of the most prevalent exploits, shows how attackers have settled into a cyclical pattern. "[It's] like a tidal surge that crashes to shore and then slowly ebbs back to sea."
In the survey's top spot was WebAttacker, a multiexploit generator that's bounced around the top of the list for half a year. WebAttacker is just one of several exploit kits sold in the attacker underground, and is frequently updated, said Thompson, to help criminals take advantage of newly discovered vulnerabilities. The most recent WebAttacker update was done in early October, when the kit added support for WebViewFolderIcon setSlice exploit.
WebAttacker accounted for 32% of all exploits detected in October, added Thompson, more than double its September tally of 14%.