Cybercrime industry refines its techniques to steal data
Last year saw a number of credit card data breaches that made the headlines. A new report says that this shows how well the "deep web" of cybercrime is serving its customers.
McAfee Labs Threats Report for the fourth quarter of 2013 says that not only did Point of Sale (PoS) attacks like that on Target steal large numbers of records they point to a refinement in criminal technique.
The attackers used point-of-sale malware that's available to buy off-the-shelf in the cybercrime community and made straightforward modifications allowing them to target their attacks. What's more they had an efficient mechanism in place to sell all the stolen data including an anonymous, virtual-currency-based payment system.
"The fourth quarter of 2013 will be remembered as the period when cybercrime became 'real' for more people than ever before," says Vincent Weafer, senior vice president for McAfee Labs. "These cyber thefts occurred at a time when most people were focused on their holiday shopping and when the industry wanted people to feel secure and confident in their purchases. The impact of these attacks will be felt both at the kitchen table as well as the boardroom table”.
Other findings of the report include an increase in the use of malicious signed binaries, the number on McAfee Labs' database having tripled last year. The company says that the misuse of code signing is eroding user trust in the use of security certificates.
The report also explores the relationship between mobile malware and apps that "overcollect" user data and mobile device telemetry. Although most tracking is benign, 82 percent of mobile apps track when you use Wi-Fi and data networks, when you turn on your device or your current and last location. In addition 80 percent of apps collect location information and 57 percent track when the phone is used.
Ransomware continues to be a problem too, McAfee Labs recorded a million new samples, doubling the number between Q4 2012 and Q4 2013. There were also 2.47 million new mobile malware samples in 2013, 2.2 million new master boot record attacks and a 70 percent increase in the number of suspicious URLs.
You can read the full report as a PDF on McAfee's site and in the meantime, let's be careful out there.