McAfee warns of the dangers of the "dark web"

McAfee warns of the dangers of the “dark web”

Security McAfee Labs (soon to be known as Intel Security) is highlighting the role of the “dark web” malware industry as driving many of the high-profile point-of-sale attacks and data breaches the industry saw in the fall of 2013.

The vendor recently released its McAfee Labs Threats Report: Fourth Quarter 2013, and its centred around how it’s being easier and easier for cybercriminals to purchase POS malware and sell stolen credit card numbers and personal information online. McAfee also saw the number of digitally signed malware samples triple over the course of 2013, driven primarily by new attack vectors around wrapping malicious binaries within digitally signed, otherwise legitimate installers.

“The fourth quarter of 2013 will be remembered as the period when cybercrime became ‘real’ for more people than ever before,” said Vincent Weafer, senior vice-president for McAfee Labs, in a statement. “These cyber thefts occurred at a time when most people were focused on their holiday shopping and when the industry wanted people to feel secure and confident in their purchases. The impact of these attacks will be felt both at the kitchen table as well as the boardroom table. For security practitioners, the ‘off the shelf’ genesis of some of these crime campaigns , the scale of operations, and the ease of digitally monetizing stolen customer data all represent a coming of age for both Cybercrime-as-a-Service and the ‘dark web’ overall.”

McAfee launches McAfee Threat Intelligence Exchange

McAfee offers pay-as-you-go model to MSPs

McAfee is particularly worried about the growth in maliciously signed files, and warns it could bring the continued viability of the CA model for code signing into question.

“Although the expansion of the CA and CDN industries has dramatically lowered the cost of developing and issuing software for developers, the standards for qualifying the identity of the publisher have also decreased dramatically,” said Weafer. “We will need to learn to place more trust in the reputation of the vendor that signed the file, and less trust in the simple presence of a certificate.”

Other findings from McAfee for Q4 include mobile malware sample growth of 197 per cent, a doubling of ransomware samples, and 300 new malware samples every minute.

Author: Jeff Jedras

A veteran technology and business journalist, Jeff Jedras began his career in technology journalism in the late 1990s, covering the booming (and later busting) Ottawa technology sector for Silicon Valley North and the Ottawa Business Journal, as well as everything from municipal politics to real estate.He later covered the technology scene in Vancouver before joining IT World Canada in Toronto in 2005, covering enterprise IT for ComputerWorld Canada. He would go on to cover the channel as an assistant editor with CDN.His writing has appeared in the Vancouver Sun, the Ottawa Citizen and a wide range of industry trade publications.