Point-of-Sale (PoS) cybercrime has peaked during the holiday season of 2013 with a major chunk of attention set to "target" retail stores' data breach debacle, which compromised the personal data of 70 million plus customers over a few weeks.
McAfee Labs released its Quarterly Threats Report (for fourth quarter 2013), the rising cybercrime is duly a major concern and dubbed the 'dark web' of cybercrime.
According to McAfee's report, it's getting easier to purchase PoS malware online, and then sell the stolen credit card numbers and the consumer's personal data online. The number of digitally signed malware samples rose 300 percent in 2013, thanks to the misuse of content distribution networks (CDNs) that wrap malicious binaries within digitally signed, otherwise legitimate installers. The firm said, this could prove threatening to the current certificate authority (CA) models for authenticating legitimate software.
Vincent Weafer, senior vice president for McAfee Labs, pointed out that the fourth quarter of 2013 is the landmark when cybercrime became a reality for more people who thought such attacks could never happen to them.
"These cyber thefts occurred at a time when most people were focused on their holiday shopping and when the industry wanted people to feel secure and confident in their purchases. The impact of these attacks will be felt both at the kitchen table as well as the boardroom table."
He continued, "For security practitioners, the off-the-shelf genesis of some of these crime campaigns, the scale of operations, and the ease of digitally monetizing stolen customer data all represent a coming of age for both 'cybercrime-as-a-Service' and the 'dark web' overall."
Points to be Noted
1) As per McAfee Labs, the PoS malware samples used in the attacks were not-so-sophisticated technologies which were purchased off-the-shelf from the Cybercrime-as-a-Service community, and customized specifically for these attacks. McAfee researchers discovered the thieves offering (for sale) some of the 40 million credit card numbers reported stolen in batches of between 1 million and 4 million at a time.
2) Even though the total number of signed malware samples included stolen, purchased or misused certificates, the 'big' majority of growth was due to dubious Content Distribution Networks (CDN).
Other Significant Findings
1) "Mobile Malware attacks" grew by a staggering 197 percent.
2) Attacks via "Suspicious URL" grew by 70 percent.