The RIG toolkit became the most active exploit kit in September, a new report said.
The RIG EK grew by more than 21 percentage points to grab 24.6 percent of the exploit kit market, compared to the 3.2 percent share it had in August 2016, said researchers at Symantec in a new report.
Neutrino, which was the most active exploit kit since the demise of Angler this past June, dropped to 12 percent from 13.9 percent, Symantec researchers said.
In late September, RIG replaced Neutrino in massive malvertising campaigns, which suggested the threat landscape was changing once again.
Although RIG grew during September, Symantec researchers said the number of web attacks blocked during the month decreased to 392,000 per day, most probably a result of the decline in major toolkit activity seen over the last few months.
New malware variants were on the rise again during last month, reaching 50.1 million, a record level for the past 12 months.
The increase was most likely determined by a surge in click-fraud activity that began in August surrounding the Trojan.Kovter family of threats, Symantec researchers said. September was also the third month in a row to register an increase in email malware rate, which reached one in 113 emails, the highest rate seen since January.
The global spam rate went up from 53.1 percent to 53.4 percent in September, with the construction sector registering the highest spam rate, at 62.2 percent. The mining sector came in second at 57.7 percent.
Phishing rate went up as well, to one in 3,127 emails, with the mining sector being hit the most, at a rate of one in 726 emails. The public administration sector registered a drop in phishing rates to one in 2,188 emails in September, while small businesses with 1-250 employees registered the highest phishing rate at one in 1,544 emails.
Click here to view the Symantec report.