'Dark web' malware escalating rate of cyber crime

Cyber crime is on the rise as 'dark web' malware becomes easier to obtain, and retailers are at risk of more POS attacks and data breaches.

That's the finding of the new McAfee Labs Threats Report: Fourth Quarter 2013, which highlights the role of the "dark web" malware industry as a key enabler of the high-profile point-of-sale (POS) attacks and data breaches in the fall of 2013. The report brings to light the growing ease of purchasing POS malware and selling stolen credit card numbers and other personal consumer data online.

McAfee Labs dug into fourth quarter data — the time-frame of the attacks on Target (NYSE: TGT), Neiman Marcus and Michaels Stores, among others — and found the number of digitally signed malware samples tripled over the course of 2013, driven largely by the abuse of automated Content Distribution Networks (CDNs) that wrap malicious binaries within digitally signed, otherwise legitimate installers.

And it found the trend is accelerating and could be a significant threat to the long-established certificate authority (CA) model for authenticating "safe" software.

Detailed research into the credit card data breaches found that the POS malware used in the attacks was relatively unsophisticated technology, likely purchased "off the shelf" from the Cybercrime-as-a-Service community and customized specifically for these attacks.

McAfee Labs further identified the attempted sale of stolen credit card numbers and personal information known to have been compromised in the Q4 retail breaches. The researchers found the thieves offering some of the 40 million credit card numbers reported stolen for sale in batches of between 1 million and 4 million at a time.

"The fourth quarter of 2013 will be remembered as the period when cybercrime became 'real' for more people than ever before," said Vincent Weafer, senior VP for McAfee Labs. "These cyber thefts occurred at a time when most people were focused on their holiday shopping and when the industry wanted people to feel secure and confident in their purchases. The impact of these attacks will be felt both at the kitchen table as well as the boardroom table. For security practitioners, the 'off the shelf' genesis of some of these crime campaigns, the scale of operations, and the ease of digitally monetizing stolen customer data all represent a coming of age for both Cybercrime-as-a-Service and the 'dark web' overall."

By the end of 2013, McAfee Labs saw the number of malicious signed binaries in its database triple to more than 8 million suspicious binaries. In the fourth quarter alone, McAfee Labs found more than 2.3 million new malicious signed applications, a 52 percent increase from the previous quarter. The practice of code signing software validates the identity of the developer who produced the code and ensures the code has not been tampered with since the issue of its digital certificate.

Although the total number of signed malware samples includes stolen, purchased, or abused certificates, the vast majority of growth is due to dubious CDNs. These are websites and companies that allow developers to upload their programs, or a URL that links to an external application, and wrap it in a signed installer.

The message to retailers is to remain cautious: this is not over. "Retailers in general took this as a wake-up call," Mike Fey, CTO at McAfee, said on MSNBC's Squawk on the Street. "They saw an essentially off-the-shelf...piece of malware modified for a unique environment, which was Target. A lot of retailers assumed that if they don't have a standard point-of-sale system, they were somehow safe. And I think Target showed them that's not the case."