News Feed Item

McAfee Labs Q4 Report Reveals Techniques Used in High-Profile Data Breaches

McAfee Labs today released the McAfee Labs Threats Report: Fourth Quarter 2013, highlighting the role of the “dark web” malware industry as a key enabler of the high-profile point-of-sale (POS) attacks and data breaches in the fall of 2013. The report brings to light the growing ease of purchasing POS malware online, and selling stolen credit card numbers and other personal consumer data online. McAfee Labs also saw the number of digitally signed malware samples triple over the course of 2013, driven largely by the abuse of automated Content Distribution Networks (CDNs) that wrap malicious binaries within digitally signed, otherwise legitimate installers. McAfee Labs believes this accelerating trend could pose a significant threat to the long-established certificate authority (CA) model for authenticating “safe” software.

Detailed research of the high-profile Q4 credit card data breaches found that the POS malware used in the attacks were relatively unsophisticated technologies likely purchased “off the shelf” from the Cybercrime-as-a-Service community, and customized specifically for these attacks. McAfee Labs’ ongoing research into underground “dark web” markets further identified the attempted sale of stolen credit card numbers and personal information known to have been compromised in the Q4 retail breaches. The researchers found the thieves offering for sale some of the 40 million credit card numbers reported stolen in batches of between 1 million and 4 million at a time.

“The fourth quarter of 2013 will be remembered as the period when cybercrime became ‘real’ for more people than ever before,” said Vincent Weafer, senior vice president for McAfee Labs. “These cyber thefts occurred at a time when most people were focused on their holiday shopping and when the industry wanted people to feel secure and confident in their purchases. The impact of these attacks will be felt both at the kitchen table as well as the boardroom table. For security practitioners, the ‘off the shelf’ genesis of some of these crime campaigns, the scale of operations, and the ease of digitally monetizing stolen customer data all represent a coming of age for both Cybercrime-as-a-Service and the ‘dark web’ overall.”

By the end of 2013, McAfee Labs saw the number of malicious signed binaries in our database triple, to more than 8 million suspicious binaries. In the fourth quarter alone, McAfee Labs found more than 2.3 million new malicious signed applications, a 52 percent increase from the previous quarter. The practice of code signing software validates the identity of the developer who produced the code and ensures the code has not been tampered with since the issue of its digital certificate.

Although the total number of signed malware samples includes stolen, purchased, or abused certificates, the vast majority of growth is due to dubious CDNs. These are websites and companies that allow developers to upload their programs, or a URL that links to an external application, and wrap it in a signed installer.

The McAfee Labs team warns that the growing number of maliciously signed files could create confusion among users and administrators, and even call into question the continued viability of the CA model for code signing.

“Although the expansion of the CA and CDN industries has dramatically lowered the cost of developing and issuing software for developers, the standards for qualifying the identity of the publisher have also decreased dramatically,” said Weafer. “We will need to learn to place more trust in the reputation of the vendor that signed the file, and less trust in the simple presence of a certificate.”

Additional Q4 2013 Findings

  • Mobile malware. McAfee Labs collected 2.47 million new mobile samples in 2013, with 744,000 in the fourth quarter alone. Our mobile malware zoo of unique samples grew by an astounding 197 percent from the end of 2012.
  • Ransomware. The volume of new ransomware samples rose by 1 million new samples for the year, doubling in number from Q4 2012 to Q4 2013.
  • Suspicious URLs. McAfee Labs recorded a 70 percent increase in the number of suspect URLs in 2013.
  • Malware proliferation. In 2013, McAfee Labs found 200 new malware samples every minute, or more than three new threats every second.
  • Master boot record-related. McAfee Labs found 2.2 million new MBR-attacks in 2013.

Each quarter, the McAfee Labs team of 500 multidisciplinary researchers in 30 countries follows the complete range of threats in real time, identifying application vulnerabilities, analyzing and correlating risks, and enabling instant remediation to protect enterprises and the public.

To read the full McAfee Labs Threats Report: Fourth Quarter 2013, please visit: http://mcaf.ee/qw7fe

About McAfee Labs

McAfee Labs is the world’s leading source for threat research, threat intelligence, and cybersecurity thought leadership. The McAfee Labs team of 500 researchers collects threat data from millions of sensors across key threat vectors—file, web, message, and network. It then performs cross-vector threat correlation analysis and delivers real-time threat intelligence to tightly integrated McAfee endpoint and network security products through its cloud-based McAfee Global Threat Intelligence service. McAfee Labs also develops core threat detection technologies—such as McAfee DeepSAFE technology, application profiling, and graylist management—that are incorporated into the broadest security product portfolio in the industry. http://www.mcafee.com/us/mcafee-labs.aspx

About McAfee

McAfee, a wholly owned subsidiary of Intel Corporation (NASDAQ:INTC), empowers businesses, the public sector, and home users to safely experience the benefits of the Internet. The company delivers proactive and proven security solutions and services for systems, networks, and mobile devices around the world. With its Security Connected strategy, innovative approach to hardware-enhanced security, and unique Global Threat Intelligence network, McAfee is relentlessly focused on keeping its customers safe. http://www.mcafee.com

Note: McAfee is a trademark or registered trademark of McAfee, Inc. in the United States and other countries. Other names and brands may be claimed as the property of others.

More Stories By Business Wire

Copyright © 2009 Business Wire. All rights reserved. Republication or redistribution of Business Wire content is expressly prohibited without the prior written consent of Business Wire. Business Wire shall not be liable for any errors or delays in the content, or for any actions taken in reliance thereon.

Latest Stories
WebRTC adoption has generated a wave of creative uses of communications and collaboration through websites, sales apps, customer care and business applications. As WebRTC has become more mainstream it has evolved to use cases beyond the original peer-to-peer case, which has led to a repeating requirement for interoperability with existing infrastructures. In his session at @ThingsExpo, Graham Holt, Executive Vice President of Daitan Group, will cover implementation examples that have enabled ea...
In past @ThingsExpo presentations, Joseph di Paolantonio has explored how various Internet of Things (IoT) and data management and analytics (DMA) solution spaces will come together as sensor analytics ecosystems. This year, in his session at @ThingsExpo, Joseph di Paolantonio from DataArchon, will be adding the numerous Transportation areas, from autonomous vehicles to “Uber for containers.” While IoT data in any one area of Transportation will have a huge impact in that area, combining sensor...
SYS-CON Events announced today that Coalfire will exhibit at the 19th International Cloud Expo, which will take place on November 1–3, 2016, at the Santa Clara Convention Center in Santa Clara, CA. Coalfire is the trusted leader in cybersecurity risk management and compliance services. Coalfire integrates advisory and technical assessments and recommendations to the corporate directors, executives, boards, and IT organizations for global brands and organizations in the technology, cloud, health...
November 1–3, 2016, at the Santa Clara Convention Center in Santa Clara, CA. Penta Security is a leading vendor for data security solutions, including its encryption solution, D’Amo. By using FPE technology, D’Amo allows for the implementation of encryption technology to sensitive data fields without modification to schema in the database environment. With businesses having their data become increasingly more complicated in their mission-critical applications (such as ERP, CRM, HRM), continued ...
In his session at 19th Cloud Expo, Claude Remillard, Principal Program Manager in Developer Division at Microsoft, will contrast how his team used config as code and immutable patterns for continuous delivery of microservices and apps to the cloud. He will show the immutable patterns helps developers do away with most of the complexity of config as code-enabling scenarios such as rollback, zero downtime upgrades with far greater simplicity. He will also have live demos of building immutable pipe...
As data explodes in quantity, importance and from new sources, the need for managing and protecting data residing across physical, virtual, and cloud environments grow with it. Managing data includes protecting it, indexing and classifying it for true, long-term management, compliance and E-Discovery. Commvault can ensure this with a single pane of glass solution – whether in a private cloud, a Service Provider delivered public cloud or a hybrid cloud environment – across the heterogeneous enter...
SYS-CON Events announced today that Cloudbric, a leading website security provider, will exhibit at the 19th International Cloud Expo, which will take place on November 1–3, 2016, at the Santa Clara Convention Center in Santa Clara, CA. Cloudbric is an elite full service website protection solution specifically designed for IT novices, entrepreneurs, and small and medium businesses. First launched in 2015, Cloudbric is based on the enterprise level Web Application Firewall by Penta Security Sys...
WebRTC sits at the intersection between VoIP and the Web. As such, it poses some interesting challenges for those developing services on top of it, but also for those who need to test and monitor these services. In his session at WebRTC Summit, Tsahi Levent-Levi, co-founder of testRTC, reviewed the various challenges posed by WebRTC when it comes to testing and monitoring and on ways to overcome them.
"Matrix is an ambitious open standard and implementation that's set up to break down the fragmentation problems that exist in IP messaging and VoIP communication," explained John Woolf, Technical Evangelist at Matrix, in this SYS-CON.tv interview at @ThingsExpo, held Nov 4–6, 2014, at the Santa Clara Convention Center in Santa Clara, CA.
Rapid innovation, changing business landscapes, and new IT demands force businesses to make changes quickly. In the eyes of many, containers are at the brink of becoming a pervasive technology in enterprise IT to accelerate application delivery. In this presentation, you'll learn about the: The transformation of IT to a DevOps, microservices, and container-based architecture What are containers and how DevOps practices can operate in a container-based environment A demonstration of how Docke...
Enterprises have been using both Big Data and virtualization for years. Until recently, however, most enterprises have not combined the two. Big Data's demands for higher levels of performance, the ability to control quality-of-service (QoS), and the ability to adhere to SLAs have kept it on bare metal, apart from the modern data center cloud. With recent technology innovations, we've seen the advantages of bare metal erode to such a degree that the enhanced flexibility and reduced costs that ...
DevOps is being widely accepted (if not fully adopted) as essential in enterprise IT. But as Enterprise DevOps gains maturity, expands scope, and increases velocity, the need for data-driven decisions across teams becomes more acute. DevOps teams in any modern business must wrangle the ‘digital exhaust’ from the delivery toolchain, "pervasive" and "cognitive" computing, APIs and services, mobile devices and applications, the Internet of Things, and now even blockchain. In this power panel at @...
In his general session at 18th Cloud Expo, Lee Atchison, Principal Cloud Architect and Advocate at New Relic, discussed cloud as a ‘better data center’ and how it adds new capacity (faster) and improves application availability (redundancy). The cloud is a ‘Dynamic Tool for Dynamic Apps’ and resource allocation is an integral part of your application architecture, so use only the resources you need and allocate /de-allocate resources on the fly.
Governments around the world are adopting Safe Harbor privacy provisions to protect customer data from leaving sovereign territories. Increasingly, global companies are required to create new instances of their server clusters in multiple countries to keep abreast of these new Safe Harbor laws. Is it worth it? In his session at 19th Cloud Expo, Adam Rogers, Managing Director of Anexia, Inc., will discuss how to keep your data legal and still stay in business.
SYS-CON Events announced today that SoftNet Solutions will exhibit at the 19th International Cloud Expo, which will take place on November 1–3, 2016, at the Santa Clara Convention Center in Santa Clara, CA. SoftNet Solutions specializes in Enterprise Solutions for Hadoop and Big Data. It offers customers the most open, robust, and value-conscious portfolio of solutions, services, and tools for the shortest route to success with Big Data. The unique differentiator is the ability to architect and ...