McAfee sheds light on 'dark web' malware in latest threats report

McAfee sheds light on 'dark web' malware in latest threats report

Summary: McAfee Labs researchers suggest that the fourth quarter of 2013 is when average consumers finally awoke to the reality of cyber crime.


McAfee put the spotlight on a rising cyber crime space, dubbed the "dark web," in its latest quarterly threats report.

The dark web is credited in the fourth quarter recap with being a significant factor in some of the most widely-reported and hardest-hitting breaches in 2013 -- namely the attack on Target, stealing the personal data of more than 70 million customers over a few weeks.

Although law enforcement agencies worldwide are on the case, a suspect has to be apprehended.

The McAfee Labs team, staffed by approximately 500 researchers across 30 countries who are also responsible for publishing the regularly scheduled report, suggested that the "growing ease of purchasing POS malware online" has significantly contributed toward the growth of these attacks as well as the dark web, where personal consumer data later turns up for sale.

Vincent Weafer, senior vice president for McAfee Labs, went further in the report, defining the fourth quarter of 2013 as a turning point in which average consumers finally awoke to the ever-present reality of cyber crime.

These cyber thefts occurred at a time when most people were focused on their holiday shopping and when the industry wanted people to feel secure and confident in their purchases. The impact of these attacks will be felt both at the kitchen table as well as the boardroom table. For security practitioners, the ‘off the shelf’ genesis of some of these crime campaigns, the scale of operations, and the ease of digitally monetizing stolen customer data all represent a coming of age for both Cybercrime-as-a-Service and the ‘dark web’ overall.

Researchers also warned about the multiplying number of digitally signed malware samples, which tripled over the course of the year to more than eight million. That's also a 52 percent increase from the previous quarter.

The big problem here is that it causes confusion for users and administrators alike in authenticating safe software. The McAfee Labs team asserted this strand of malware is being fed by an "abuse of automated Content Distribution Networks (CDNs) that wrap malicious binaries within digitally signed, otherwise legitimate installers."

Other forms of malware predictably continue to rise. Android malware grew by 197 percent from the end of 2012, while the number of suspect URLs jumped by 70 percent during the same time frame.

Over the course of 2013, McAfee Labs found an average of 200 new malware samples every minute, or more than three new threats every second.

Topics: Security, Mobility, Privacy, Software, Web development

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.


Log in or register to join the discussion
  • government as usual looks the wrong direction

    government entities across the nation (and world) put hundreds of men and women in prison every year for smoking or possessing pot while these criminals commit hundreds of millions of dollars in crime and get away (mostly) with it because there's not enough money to hire top dog cyber cops to track down and jail these criminals.

    Add to that, countries who actually protect these cyber bandits overtly or covertly.
    "Politics is the art of looking for trouble, finding it everywhere, diagnosing it incorrectly and applying the wrong remedies." -- Groucho Marx
    • What is the solution to counter these crimes?

      • Is it all crime...

        ... or are some of these malware merely infringining on your expectation of privacy? We think we have a right to privacy, but unless the activity is explicitly defined as a crime it may not be illegal. I suspect that this article is including all forms of malware, including spyware created by legitimate companies for the purpose of (for example) gathering personal info to sell to marketers. This is the arena where thoughtful and appropriate legislation would be useful.

        Regarding the criminal malware, when legitimate development jobs (or even cyber law enforcement) pay as well as crime, crime will be reduced to only those who do it for the thrill. In other words, remove the financial incentives and the criminal side of the behaviour should reduce dramatically. It will never go away completely, because there will be those who enjoy the thrill of commiting the crime as well as the lifestyle it affords (no 8-5 job, no boss, no dress code, etc.).