The McAfee Labs Q4 threats report revealed a whole dark network of cyber crimes going on under the nose of the normal Net activities.
The dark web is a sprawling place where all sorts of crimes occur undetected. It is an underground Internet that sells malware like candy at a departmental store. And where does this malware go, you may ask?
Well, most of it is the starting point of attacks on innocent shoppers and people who have left behind vital information. The number of data breaches and other cyber-thefts has increased exponentially over the last couple of years.
The sale of stolen credit cards is a common act that takes place in the Net environment. And the wrong usage of Content Distribution Networks (CDNs) furthermore leads to the wrapping of malicious binaries in digitally signed installers. This of course provokes havoc in the system. In a way these dark elements have polluted the Net.
“The fourth quarter of 2013 will be remembered as the period when cybercrime became ‘real’ for more people than ever before,” said Vincent Weafer, senior vice president for McAfee Labs. “These cyber thefts occurred at a time when most people were focused on their holiday shopping and when the industry wanted people to feel secure and confident in their purchases. The impact of these attacks will be felt both at the kitchen table as well as the boardroom table. For security practitioners, the ‘off the shelf’ genesis of some of these crime campaigns, the scale of operations, and the ease of digitally monetizing stolen customer data all represent a coming of age for both Cybercrime-as-a-Service and the ‘dark web’ overall.”
The certificate authority (CA) model is up against a legitimate threat due to this monkey business. Most of the malware software was easily available from the shelves of stores. In fact, cybercrime had developed into a whole other subculture almost in the same way as say Hippie culture or Rock’n’Roll culture.
The thieves who inhabit the recesses of the World Wide Web have over 40 million stolen credit cards which they are willing to sell to anyone with the cash to buy one. It was in the final quarter of last year that cybercrime almost hit the roof. And the interesting thing was that the criminals acted on the spur of the moment.
When the holiday shoppers were busy making their respective purchases, the thieves made their entry on the scene. The influence was felt virtually everywhere. Of course, in a world where anything goes, this sort of mass menace is not such a rarity.
“Although the expansion of the CA and CDN industries has dramatically lowered the cost of developing and issuing software for developers, the standards for qualifying the identity of the publisher have also decreased dramatically,” said Weafer. “We will need to learn to place more trust in the reputation of the vendor that signed the file, and less trust in the simple presence of a certificate.”
The lesson for now is that such abuse of the Net could result in a serious jumble where the authorities will get mixed up with the crime princes. So extra-vigilance is of the essence.