Everything may seem happy and shiny as you flit about the Internet, surfing from Facebook to Netflix, and popping in every now and then to check your email. But just as there are dark alleys in a city, though, there is a seedy underside to the Internet as well. According to a new report from McAfee, the “Dark Web” has matured into a dangerous underground marketplace for cybercriminals.
While you’re busy buying the DVD of 12 Years a Slave from Amazon, cyber crooks are doing some shopping as well. They’re buying off-the-shelf, plug-and-play exploit kits from the booming cybercrime-as-a-service industry, or selling stolen personal information and credit card details to other online thieves. The Dark Web works a lot like the normal Web by facilitating innovation and commerce—it’s just more nefarious.
The McAfee Labs Threat Report Q4 2013 notes that recent attacks have been unprecedented in terms of the number of records stolen, and McAfee researchers point out just how efficiently and effectively the malware industry was in serving its customers. “The attackers purchased off-the-shelf point-of-sale malware, they made straightforward modifications so they could target their attacks, and it’s likely they both tested their target’s defenses and evaded those defenses using purchased software.”
TK Keanini, CTO of Lancope, agrees, and expanded on the perils of the Dark Web to explain the other factors that make it so dangerous. He explained in a recent blog post that the barrier for entry into the world of cybercrime is exceedingly low as a result of the Dark Web. The only real “skills” a would-be attacker needs is the ability to click “Add to Cart” so he or she can purchase ready-to-launch malware tools.
“This marketplace would have happened earlier but two things needed to become widely available,” Keanini said. “One is a network infrastructure that could let cybercriminals operate anonymously and the other is a currency that would let them conduct commerce anonymously: these are the TOR network and Bitcoin, respectively.”
Of course, the Dark Web isn’t the only threat out there. Last week, McAfee researcher Adam Wosotowsky walked me through the key findings of the McAfee Labs Q4 2013 Threat Report. Another trend that Adam finds concerning is the rise of malicious signed binaries—malware that appears to be legitimate because it is signed using a stolen or malicious certificate.
McAfee Labs identified eight million signed binaries as suspicious. He stressed that this issue calls into question the efficacy and stability of the entire Certificate Authority system—which much of the industry relies on to validate the reputation and credibility of applications before allowing them to execute. Security is predicated on the idea that the Certificate Authority (CA) is secure and reliable, therefore any software signed with a certificate from a CA is assumed to be safe. Attackers have exploited weak security procedures at some CAs or simply stolen legitimate certificates from other companies to distribute malware that appears to be authentic software.
Check out the full McAfee Labs Threat Report Q4 2013 to find out more about the Dark Web and malicious signed binaries, as well as other trends and concerns identified by McAfee researchers.