Cybercriminals entrenched in 'Dark Web', researchers says

Mar 10, 2014 by Rob Lever
McAfee, the US Internet security specialist, has noted that a huge data breach that affected as many as 110 million customers of the US retailer Target may be just the tip of the iceberg

Cybercriminals are settling into a comfortable place in the "Dark Web" where they test, refine and distribute malware for online thievery.

That's the conclusion of researchers at McAfee, the US Internet security specialist, who noted that a huge data breach that affected as many as 110 million customers of the US retailer Target may be just the tip of the iceberg.

In its quarterly threat assessment released Monday, McAfee Labs noted the relative ease with which this type of malware is bought and sold in "Dark Web" marketplaces.

McAfee researchers concluded that the malware for the Target attacks used "relatively unsophisticated technologies likely purchased 'off the shelf' from the Cybercrime-as-a-Service community, and customized specifically for these attacks," the security firm said.

The report pointed out that the attackers who stole the data have also found a market—offering some of the 40 million reported stolen in batches of between one million and four million at a time.

"The fourth quarter of 2013 will be remembered as the period when cybercrime became 'real' for more people than ever before," said Vincent Weafer, for McAfee Labs.

Cybercriminals are settling into a comfortable place in the "Dark Web" where they test, refine and distribute malware for online thievery

"These cyber thefts occurred at a time when most people were focused on their holiday shopping and when the industry wanted people to feel secure and confident in their purchases. The impact of these attacks will be felt both at the kitchen table as well as the boardroom table."

Weafer added that the attacks "represent a coming of age for both Cybercrime-as-a-Service and the 'Dark Web' overall."

The "Dark Web" actors appear to be operating with ease, like other kinds of online businesses, McAfee said.

"We must recognize that this class of attack is far from 'advanced,'" it added.

"The BlackPOS malware family is an 'off-the-shelf' exploit kit for sale that can easily be modified and redistributed with little programming skill or knowledge of malware functionality."

The thieves who employ the malware can easily turn to a popular credit card black market like Lampeduza Republic, which McAfee said had a "well-organized hierarchy" which allows for a "disciplined and functional marketplace."

"Thieves can pay for the stolen credit cards using one of the many anonymous virtual currency mechanisms, such as Bitcoin," McAfee said.

"We believe these breaches will have long-lasting repercussions. We expect to see changes to security approaches and compliance mandates and, of course, lawsuits.

"But the big lesson is that we face a healthy and growing cybercrime industry which played a key role in enabling and monetizing the results of these attacks."

McAfee's report also noted a surge in mobile malware as more people use smartphones. It collected 2.47 million new mobile samples in 2013, with 744,000 in the fourth quarter alone.

Explore further: Malware up, hackers bypass security safeguards, survey says

add to favorites email to friend print save as pdf

Related Stories

Cyber crooks cranking out new weapons experts warn

May 23, 2012

Cyber criminals are cranking out new weapons at a brisk pace, tailoring malicious software for a spectrum of gadgets including smartphones, tablets, and Macintosh computers, a security firm said.

Fighting the rise of the app attackers

Feb 26, 2014

Researchers have been given a share of £3 million by the Engineering and Physical Sciences Research Council (EPSRC) to counter cyber-criminals who are using malicious apps which can collude with each other to infect the ...

Recommended for you

US won't reveal records on health website security

Aug 19, 2014

The Obama administration has concluded it will not publicly disclose federal records that could shed light on the security of the government's signature health care website because doing so could "potentially" allow hackers ...

Premier FBI cybersquad in Pittsburgh to add agents

Aug 17, 2014

The FBI's premier cybersquad has focused attention on computer-based crime in recent months by helping prosecutors charge five Chinese army intelligence officials with stealing trade secrets from major companies and by snaring ...

User comments : 0