Cybercriminals entrenched in 'Dark Web', researchers says

Mar 10, 2014 by Rob Lever
McAfee, the US Internet security specialist, has noted that a huge data breach that affected as many as 110 million customers of the US retailer Target may be just the tip of the iceberg

Cybercriminals are settling into a comfortable place in the "Dark Web" where they test, refine and distribute malware for online thievery.

That's the conclusion of researchers at McAfee, the US Internet security specialist, who noted that a huge data breach that affected as many as 110 million customers of the US retailer Target may be just the tip of the iceberg.

In its quarterly threat assessment released Monday, McAfee Labs noted the relative ease with which this type of malware is bought and sold in "Dark Web" marketplaces.

McAfee researchers concluded that the malware for the Target attacks used "relatively unsophisticated technologies likely purchased 'off the shelf' from the Cybercrime-as-a-Service community, and customized specifically for these attacks," the security firm said.

The report pointed out that the attackers who stole the data have also found a market—offering some of the 40 million reported stolen in batches of between one million and four million at a time.

"The fourth quarter of 2013 will be remembered as the period when cybercrime became 'real' for more people than ever before," said Vincent Weafer, for McAfee Labs.

Cybercriminals are settling into a comfortable place in the "Dark Web" where they test, refine and distribute malware for online thievery

"These cyber thefts occurred at a time when most people were focused on their holiday shopping and when the industry wanted people to feel secure and confident in their purchases. The impact of these attacks will be felt both at the kitchen table as well as the boardroom table."

Weafer added that the attacks "represent a coming of age for both Cybercrime-as-a-Service and the 'Dark Web' overall."

The "Dark Web" actors appear to be operating with ease, like other kinds of online businesses, McAfee said.

"We must recognize that this class of attack is far from 'advanced,'" it added.

"The BlackPOS malware family is an 'off-the-shelf' exploit kit for sale that can easily be modified and redistributed with little programming skill or knowledge of malware functionality."

The thieves who employ the malware can easily turn to a popular credit card black market like Lampeduza Republic, which McAfee said had a "well-organized hierarchy" which allows for a "disciplined and functional marketplace."

"Thieves can pay for the stolen credit cards using one of the many anonymous virtual currency mechanisms, such as Bitcoin," McAfee said.

"We believe these breaches will have long-lasting repercussions. We expect to see changes to security approaches and compliance mandates and, of course, lawsuits.

"But the big lesson is that we face a healthy and growing cybercrime industry which played a key role in enabling and monetizing the results of these attacks."

McAfee's report also noted a surge in mobile malware as more people use smartphones. It collected 2.47 million new mobile samples in 2013, with 744,000 in the fourth quarter alone.

Explore further: Malware up, hackers bypass security safeguards, survey says

add to favorites email to friend print save as pdf

Related Stories

Cyber crooks cranking out new weapons experts warn

May 23, 2012

Cyber criminals are cranking out new weapons at a brisk pace, tailoring malicious software for a spectrum of gadgets including smartphones, tablets, and Macintosh computers, a security firm said.

Fighting the rise of the app attackers

Feb 26, 2014

Researchers have been given a share of £3 million by the Engineering and Physical Sciences Research Council (EPSRC) to counter cyber-criminals who are using malicious apps which can collude with each other to infect the ...

Recommended for you

Google searches hold key to future market crashes

2 hours ago

A team of researchers from Warwick Business School and Boston University have developed a method to automatically identify topics that people search for on Google before subsequent stock market falls.

Lenovo's smart glasses prototype has battery at neck

4 hours ago

China's PC giant Lenovo last week offered a peek at its Google Glass-competing smart glass prototype, further details of which are to be announced in October. Lenovo's glasses prototype is not an extreme ...

Amazon launches 3D printing store

7 hours ago

Amazon announced Monday the launch of an online store for 3D printed items to allow consumers to customize and personalize items like earrings, pendants, dolls and other objects.

User comments : 0