McAfee Labs released the McAfee Labs Threats Report: Fourth Quarter 2013 this week, highlighting the role of the malware industry as a key enabler of the data breaches in consumer credit card information and identity theft in fall 2013.
The report, which the company released on Monday, brought to light the prevalence of malware and online black channels security experts refer to as the “dark web” and their success in catering to security hackers and identity thieves.
McAfee Labs’ report indicates the growing ease with which it is possible to purchase point-of-sale (POS) malware online, as well as the accessibility to selling stolen credit card numbers and other consumer data online.
The report notes that recent attacks were unprecedented in terms of the number of records stolen, and McAfee researchers pointed out just how efficiently and effectively the malware industry was in serving its customers.
“The attackers purchased off-the-shelf point-of-sale malware, they made straightforward modifications so they could target their attacks, and it’s likely they both tested their target’s defenses and evaded those defenses using purchased software,” the report revealed.
Detailed research of the high-profile Q4 credit card data breaches found that the POS malware used in the attacks were relatively unsophisticated technologies that were purchased “off-the-shelf” and customized specifically for these attacks.
McAfee Labs’ ongoing research into underground “dark web” further identified the attempted sale of stolen credit card numbers and personal information known to have been compromised in the Q4 retail breaches. The researchers found that some of the 40 million credit card numbers reported were stolen in batches of between 1 million and 4 million at a time and offered for sale by thieves.
“The fourth quarter of 2013 will be remembered as the period when cybercrime became ‘real’ for more people than ever before,” said Vincent Weafer, senior vice president for McAfee Labs.
“These cyber thefts occurred at a time when most people were focused on their holiday shopping and when the industry wanted people to feel secure and confident in their purchases. The impact of these attacks will be felt both at the kitchen table as well as the boardroom table. For security practitioners, the ‘off the shelf’ genesis of some of these crime campaigns, the scale of operations, and the ease of digitally monetizing stolen customer data all represent a coming of age for both Cybercrime-as-a-Service and the ‘dark web’ overall,” added Weafer.
Another concern as indicated by the report is the rising trend of malicious signed binaries—malware that appears to be legitimate because it is signed using a stolen or malicious certificate.
McAfee Labs’ team of 500 researchers in 30 countries follows the complete range of threats in real time each quarter and issues a report.
The McAfee Labs Threats Report: Fourth Quarter 2013 may be viewed in entirety here.
Image via Wikimedia Commons