The "McAfee Labs Threats Report: Fourth Quarter 2013," released today, highlights the ease of purchasing POS malware online, and of selling stolen credit card numbers and other personal consumer data online. The report describes the dark Web malware industry as a key enabler of the high-profile point-of-sale attacks in late 2013.
McAfee Labs also saw the number of digitally signed malware samples triple during 2013, driven by the abuse of automated content distribution networks that wrap malicious binaries within digitally signed, otherwise legitimate installers.
McAfee Labs believes this accelerating trend could pose a significant threat to the long-established certificate authority model for authenticating "safe" software.
The report finds that the POS malware used in the recent attacks employed relatively unsophisticated technologies likely purchased "off the shelf" within the cybercrime community, and customized for the attacks.
McAfee Labs further identified the attempted sale on the dark Web of stolen credit card numbers and personal information known to have been compromised in the Q4 retail breaches. The researchers found the thieves offering for sale some of the 40 million credit card numbers reported stolen in batches of between 1 million and 4 million at a time.
"The fourth quarter of 2013 will be remembered as the period when cybercrime became 'real' for more people than ever before," said Vincent Weafer, SVP at McAfee Labs. "For security practitioners, the off-the-shelf genesis of some of these crime campaigns, the scale of operations, and the ease of digitally monetizing stolen customer data all represent a coming of age for both cybercrime-as-a-service and the dark Web overall."
During 2013, McAfee Labs saw the number of malicious signed binaries in its database triple to more than 8 million, including 2.3 million new malicious signed applications in Q4 alone — a 52 percent increase from Q3.
The vast majority of growth is due to dubious content distribution networks or CDNs, websites and companies that allow developers to upload their programs, or a URL that links to an external application, and wraps it in a signed installer.
Additional Q4 2013 findings by McAfee Labs:
- mobile malware samples increased 197 percent in 2013, compared with 2012;
- ransomware samples rose by 1 million, doubling between Q4 2012 and Q4 2013;
- suspicious URLs rose by 70 percent in 2013;
- malware proliferation occurred at the rate of 200 new malware samples every minute, or more than three new threats every second; and
- master boot record-related attacks totaled 2.2 million in 2013.
Read the full "McAfee Labs Threats Report: Fourth Quarter 2013," online.