Press release -
McAfee Labs Q4 Report Reveals Techniques Used in High-Profile Data Breaches
SANTA CLARA, Calif./SINGAPORE – Mar. 10, 2014 – McAfee Labs today released the McAfee Labs Threats Report: Fourth Quarter 2013, highlighting the role of the “dark web” malware industry as a key enabler of the high-profile point-of-sale (POS) attacks and data breaches in the fall of 2013. The report brings to light the growing ease of purchasing POS malware online, and selling stolen credit card numbers and other personal consumer data online. McAfee Labs also saw the number of digitally signed malware samples triple over the course of 2013, driven largely by the abuse of automated Content Distribution Networks (CDNs) that wrap malicious binaries within digitally signed, otherwise legitimate installers. McAfee Labs believes this accelerating trend could pose a significant threat to the long-established certificate authority (CA) model for authenticating “safe” software.
Detailed research of the high-profile Q4 credit card data breaches found that the POS malware used in the attacks were relatively unsophisticated technologies likely purchased “off the shelf” from the Cybercrime-as-a-Service community, and customized specifically for these attacks. McAfee Labs’ ongoing research into underground “dark web” markets further identified the attempted sale of stolen credit card numbers and personal information known to have been compromised in the Q4 retail breaches. The researchers found the thieves offering for sale some of the 40 million credit card numbers reported stolen in batches of between 1 million and 4 million at a time.
“The fourth quarter of 2013 will be remembered as the period when cybercrime became ‘real’ for more people than ever before,” said Vincent Weafer, senior vice president for McAfee Labs. “These cyber thefts occurred at a time when most people were focused on their holiday shopping and when the industry wanted people to feel secure and confident in their purchases. The impact of these attacks will be felt both at the kitchen table as well as the boardroom table. For security practitioners, the ‘off the shelf’ genesis of some of these crime campaigns , the scale of operations, and the ease of digitally monetizing stolen customer data all represent a coming of age for both Cybercrime-as-a-Service and the ‘dark web’ overall.”
By the end of 2013, McAfee Labs saw the number of malicious signed binaries in our database triple, to more than 8 million suspicious binaries. In the fourth quarter alone, McAfee Labs found more than 2.3 million new malicious signed applications, a 52 percent increase from the previous quarter. The practice of code signing software validates the identity of the developer who produced the code and ensures the code has not been tampered with since the issue of its digital certificate.
Although the total number of signed malware samples includes stolen, purchased, or abused certificates, the vast majority of growth is due to dubious CDNs. These are websites and companies that allow developers to upload their programs, or a URL that links to an external application, and wrap it in a signed installer.
“We can see from the threat statistics in the Q4 report that Asia Pacific comes in third place after North America and the Europe-Middle East market, with 8.4% of servers hosting suspect content here,” said Wahab Yusoff, Vice President for McAfee South Asia. “Although only a rather small number of suspicious content is hosted in Asia, we should remain vigilant and monitor the situation as cyber attacks don’t know physical boarders.”
The McAfee Labs team warns that the growing number of maliciously signed files could create confusion among users and administrators, and even call into question the continued viability of the CA model for code signing.
“Although the expansion of the CA and CDN industries has dramatically lowered the cost of developing and issuing software for developers, the standards for qualifying the identity of the publisher have also decreased dramatically,” said Weafer. “We will need to learn to place more trust in the reputation of the vendor that signed the file, and less trust in the simple presence of a certificate.”
Additional Q4 2013 Findings
- Mobile malware. McAfee Labs collected
2.47 million new mobile samples in 2013, with 744,000 in the fourth quarter
alone. Our mobile malware zoo of unique samples grew by an astounding 197
percent from the end of 2012.
- Ransomware. The volume of new ransomware samples rose by 1 million new
samples for the year, doubling in number from Q4 2012 to Q4 2013.
- Suspicious URLs. McAfee Labs recorded
a 70 percent increase in the number of suspect URLs in 2013.
- Malware
proliferation. In 2013, McAfee Labs found 200 new malware samples every minute,
or more than three new threats every second.
- Master boot
record-related. McAfee Labs found 2.2 million new MBR-attacks in 2013.
Each quarter, the McAfee Labs team of 500 multidisciplinary researchers in 30 countries follows the complete range of threats in real time, identifying application vulnerabilities, analyzing and correlating risks, and enabling instant remediation to protect enterprises and the public.
To read the full McAfee Labs Threats Report: Fourth Quarter 2013, please visit: http://mcaf.ee/qw7fe
Topics
- PR, Communication
Categories
- mcafee
- threats report
- fourth quarter
- q4 2013
- mobile malware
- ransomware
- suspicious urls
About McAfee Labs
McAfee Labs is the world’s leading source for threat research, threat
intelligence, and cybersecurity thought leadership. The McAfee Labs team of 500
researchers collects threat data from millions of sensors across key threat
vectors—file, web, message, and network. It then performs cross-vector threat
correlation analysis and delivers real-time threat intelligence to tightly
integrated McAfee endpoint and network security products through its
cloud-based McAfee Global Threat Intelligence service. McAfee Labs also
develops core threat detection technologies—such as McAfee DeepSAFE technology,
application profiling, and graylist management—that are incorporated into the
broadest security product portfolio in the industry. http://www.mcafee.com/us/mcafee-labs.aspx
About McAfee
McAfee, a wholly owned subsidiary of Intel Corporation (NASDAQ:INTC), empowers
businesses, the public sector, and home users to safely experience the benefits
of the Internet. The company delivers proactive and proven security solutions
and services for systems, networks, and mobile devices around the world. With
its Security Connected strategy, innovative approach to hardware-enhanced
security, and unique Global Threat Intelligence network, McAfee is relentlessly
focused on keeping its customers safe. http://www.mcafee.com
About PRecious Communications
Our focus is on Corporate Communications, Crisis Management, Reputation Management and Social Media. Combining a clear business-oriented approach with a focus on measurable results, our network of experts helps brands tell their story and tie directly into their overall communications objectives.
We are run out of Singapore and serve clients in Asia Pacific and beyond through our strong links to Europe and North America.