The cybercrime industry played a big role in the POS attacks and data breaches that occurred last fall. The attackers were able to purchase off-the-shelf malware kits from the cybercrime as a service community. These kits could easily be modified with little programming skill or knowledge of malware functionality. Using the malware packages, attackers were able to breach the security of retailers like Target. They were able to easily sell the stolen credit card information on the black market, using anonymous virtual currencies like Bitcoin.
“The fourth quarter of 2013 will be remembered as the period when cybercrime became ‘real’ for more people than ever before,” said Vincent Weafer, senior vice president for McAfee Labs. “For security practitioners, the ‘off the shelf’ genesis of some of these crime campaigns , the scale of operations, and the ease of digitally monetizing stolen customer data all represent a coming of age for both Cybercrime-as-a-Service and the ‘dark web’ overall.”
Researchers also found that digitally signed malware tripled in 2013. This was driven largely by the abuse of automated content distribution networks (CDN) that wrap malicious binaries within otherwise legitimate installers. By the end of 2013, McAfee Labs recorded more than eight million suspicious binaries. In Q4 alone, McAfee Labs found over 2.3 million new malicious signed applications, a 52 per cent increase from the previous quarter.
McAfee Labs believes this accelerating trend could pose a significant threat to the long-established certificate authority (CA) model for authenticating “safe” software.
The report also recorded a rise in mobile malware, with McAfee recording 2.47 million new mobile samples in 2013, with 744,000 in the fourth quarter alone. What the report calls a ‘mobile malware zoo’ of samples grew by 197 per cent from the end of 2012.
The McAfee Labs team warns that the rise of maliciously signed files could create confusion among users and administrators, and calls into question the continued viability of the CA model. The full report can be accessed here.
SAMSUNG GALAXY S8 PLUS
The Samsung Galaxy S8 Plus is a beautifully crafted smartphone with nearly no bezel, curvaceous in design and reflects a…
How to: Connect to Exchange Online Using Multi-Factor Authentication
Using PowerShell to manage your Microsoft cloud services like Exchange Online and using multi-factor authentication (MFA) separately is awesome. Using…