Cyber criminals are increasingly using hidden areas of the internet to test, refine and distribute malware, according to the latest quarterly threat report by researchers at Intel-owned security firm McAfee.
These criminal areas of the internet are also used for fraud, people-trafficking in people and the distribution of illicit goods such as firearms and images of child abuse.
The report highlights the growing ease of purchasing POS malware online, and selling stolen credit card numbers and other personal consumer data online.
Digitally signed malware
McAfee Labs also saw the number of digitally signed malware samples triple in 2013 to more than eight million, driven largely by the abuse of automated Content Distribution Networks (CDNs).
Read more about digital certificates
- Digitally signed malware a fast-growing threat, say researchers
- Options for mitigating digital security certificate problems
- Microsoft revokes additional digital certificates due to encryption weakness
- New malware signed with government digital certificate
- SSL certificate management: Avoiding common mistakes
- Microsoft warns of fraudulent digital certificates, issues patch
- Explaining how trusted SSL certificates and forged SSL certificates work
Although the total number of signed malware samples includes stolen, purchased, or abused digital certificates, most of the of growth comes from CDNs.
These are websites and companies that allow developers to upload their programs, or a URL that links to an external application, and wrap it in a signed installer.
The practice of code signing software is aimed at validating the identity of the developer who produced the code and ensures the code has not been tampered with since the issue of its digital certificate.
But McAfee Labs believes this accelerating trend could pose a significant threat to the long-established certificate authority (CA) model for authenticating “safe” software.
Detailed research of high-profile card data breaches in the fourth quarter of 2013 found the POS malware used in the attacks on Target used relatively unsophisticated technologies.
Researchers said the malware was “likely purchased ‘off-the-shelf’ from the cybercrime-as-a-service community, and customised specifically for these attacks”.
McAfee Labs’ ongoing research into underground dark web markets identified the attempted sale of stolen credit card numbers and personal data stolen in the attack on Target.
The researchers found the cyber criminals offering for sale some of the 40 million credit card numbers reported stolen.
“The fourth quarter of 2013 will be remembered as the period when cyber crime became ‘real’ for more people than ever before,” said Vincent Weafer, senior vice-president for McAfee Labs.
“These cyber thefts occurred at a time when most people were focused on their holiday shopping and when the industry wanted people to feel secure and confident in their purchases.
“The impact of these attacks will be felt both at the kitchen table as well as the boardroom table. For security practitioners, the ‘off-the-shelf’ genesis of some of these crime campaigns, the scale of operations and the ease of digitally monetising stolen customer data represent a coming-of-age for both cybercrime-as-a-service and the ‘dark web’ overall,” he said.
McAfee's report also noted a surge in mobile malware as more people use smartphones. It collected 2.47 million new mobile malware samples in 2013, with 744,000 samples collected in the fourth quarter alone.
McAfee said its collection of Android unique samples had grown by 197% since the end of 2012.