Security McAfee Labs (soon to be known as Intel Security) is highlighting the role of the “dark web” malware industry as driving many of the high-profile point-of-sale attacks and data breaches the industry saw in the fall of 2013.
The vendor recently released its McAfee Labs Threats Report: Fourth Quarter 2013, and its centred around how it’s being easier and easier for cybercriminals to purchase POS malware and sell stolen credit card numbers and personal information online. McAfee also saw the number of digitally signed malware samples triple over the course of 2013, driven primarily by new attack vectors around wrapping malicious binaries within digitally signed, otherwise legitimate installers.
“The fourth quarter of 2013 will be remembered as the period when cybercrime became ‘real’ for more people than ever before,” said Vincent Weafer, senior vice-president for McAfee Labs, in a statement. “These cyber thefts occurred at a time when most people were focused on their holiday shopping and when the industry wanted people to feel secure and confident in their purchases. The impact of these attacks will be felt both at the kitchen table as well as the boardroom table. For security practitioners, the ‘off the shelf’ genesis of some of these crime campaigns , the scale of operations, and the ease of digitally monetizing stolen customer data all represent a coming of age for both Cybercrime-as-a-Service and the ‘dark web’ overall.”
McAfee is particularly worried about the growth in maliciously signed files, and warns it could bring the continued viability of the CA model for code signing into question.
“Although the expansion of the CA and CDN industries has dramatically lowered the cost of developing and issuing software for developers, the standards for qualifying the identity of the publisher have also decreased dramatically,” said Weafer. “We will need to learn to place more trust in the reputation of the vendor that signed the file, and less trust in the simple presence of a certificate.”
Other findings from McAfee for Q4 include mobile malware sample growth of 197 per cent, a doubling of ransomware samples, and 300 new malware samples every minute.
