McAfee Exposes Dark Web of POS Cybercriminals

With so many retail breaches, all eyes are on a McAfee Labs Threats Report that shines a light on the role of what it calls the EUdark webEU malware industry. Just released, the security firmEUs fourth quarter 2013 report calls this dark web a EUkey enablerEU of the news headline-generating point-of-sale (POS) attacks and data breaches that were exposed last fall.

According to the report, itEUs getting easier to purchase POS malware online, then sell the stolen credit card numbers and consumer data online. In one disturbing finding, McAfee Labs reports the number of digitally signed malware samples rose 300 percent in 2013 thanks to the abuse of content distribution networks (CDNs) that wrap malicious binaries within digitally signed, otherwise legitimate installers. And that, the firm said, could prove threatening to the current certificate authority models for authenticating legitimate software.

Vincent Weafer, senior vice president for McAfee Labs, pointed out that the fourth quarter of 2013 will go down in history as a time when cybercrime became EUrealEU for more people than ever before. Most people were focused on holiday shopping while the industry wanted people to feel secure making purchases online and in bricks-and-mortar stores.

EUThe impact of these attacks will be felt both at the kitchen table as well as the boardroom table,EU Weafer said. EUFor security practitioners, the EUoff the shelfEU genesis of some of these crime campaigns, the scale of operations, and the ease of digitally monetizing stolen customer data all represent a coming of age for both cybercrime-as-a-service and the EUdark webEU overall.EU

Relatively Unsophisticated

HereEUs the scary news: the POS malware used in the high-profile fourth quarter credit card data breaches wasnEUt especially sophisticated. In fact, McAfee reports that the malware was just the opposite. Most likely it was purchased right off the digital shelf of a cybercrime-as-a-service community...

Comments are closed.