Dark web key enabler for cyber criminals, say McAfee researchers

Warwick Ashford

The dark web is a key enabler for the malware industry and has been linked to high-profile point-of-sale (POS) attacks and data breaches at US retailer Target in late 2013, say security researchers.

Cyber criminals are increasingly using hidden areas of the internet to test, refine and distribute malware, according to the latest quarterly threat report by researchers at Intel-owned security firm McAfee.

These criminal areas of the internet are also used for fraud, people-trafficking and the distribution of illicit goods such as firearms and images of child abuse.

The report highlights the growing ease of purchasing POS malware online, and of selling stolen credit card numbers and other personal consumer data.

Digitally signed malware

McAfee Labs also saw the number of digitally signed malware samples triple in 2013 to more than eight million, driven largely by the abuse of automated Content Distribution Networks (CDNs).

These CDNs wrap malicious binaries in digitally signed, otherwise legitimate installers with the aim of bypassing whitelisting and sandboxing security controls.

Although the total number of signed malware samples includes stolen, purchased, or abused digital certificates, most of the growth comes from CDNs.

These are websites and companies that allow developers to upload their programs, or a URL that links to an external application, and wrap it in a signed installer.

The practice of code signing software is aimed at validating the identity of the developer who produced the code and ensuring the code has not been tampered with since the issue of its digital certificate.

But McAfee Labs believes this accelerating trend could pose a significant threat to the long-established certificate authority (CA) model for authenticating “safe” software.

Off-the-shelf malware

Detailed research of high-profile card data breaches in the fourth quarter of 2013 found the POS malware used in the attacks on Target used relatively unsophisticated technologies.

Researchers said the malware was “likely purchased ‘off-the-shelf’ from the cybercrime-as-a-service community, and customised specifically for these attacks”.

McAfee Labs’ ongoing research into underground dark web markets identified the attempted sale of credit card numbers and personal data stolen in the attack on Target.

The researchers found the cyber criminals offering for sale some of the 40 million credit card numbers reported stolen.

“The fourth quarter of 2013 will be remembered as the period when cyber crime became ‘real’ for more people than ever before,” said Vincent Weafer, senior vice-president for McAfee Labs.

“These cyber thefts occurred at a time when most people were focused on their holiday shopping and when the industry wanted people to feel secure and confident in their purchases.

“The impact of these attacks will be felt both at the kitchen table as well as the boardroom table. For security practitioners, the ‘off-the-shelf’ genesis of some of these crime campaigns, the scale of operations and the ease of digitally monetising stolen customer data represent a coming-of-age for both cybercrime-as-a-service and the ‘dark web’ overall,” he said.

McAfee's report also noted a surge in mobile malware as more people use smartphones. It collected 2.47 million new mobile malware samples in 2013, with 744,000 samples collected in the fourth quarter alone.

McAfee said its collection of Android unique samples had grown by 197% since the end of 2012.

