McAfee shines a light on the dangers of the Dark Web

McAfee's Q4 2013 Threat Report details an underworld of off-the-shelf, plug-and-play exploit kits and malicious certificates.

Everything may seem happy and shiny as you flit about the Internet, surfing from Facebook to Netflix, and popping in every now and then to check your email. But just as there are dark alleys in a city, there is a seedy underside to the Internet as well. According to a new report from McAfee, the "Dark Web" has matured into a dangerous underground marketplace for cybercriminals.

While you're busy buying the DVD of 12 Years a Slave from Amazon, cyber crooks are doing some shopping as well. They're buying off-the-shelf, plug-and-play exploit kits from the booming cybercrime-as-a-service industry, or selling stolen personal information and credit card details to other online thieves. The Dark Web works a lot like the normal Web by facilitating innovation and commerce--it's just more nefarious.

The McAfee Labs Threat Report Q4 2013 notes that recent attacks have been unprecedented in terms of the number of records stolen, and McAfee researchers point out just how efficient and effective the malware industry was in serving its customers. "The attackers purchased off-the-shelf point-of-sale malware, they made straightforward modifications so they could target their attacks, and it's likely they both tested their target's defenses and evaded those defenses using purchased software."

TK Keanini, CTO of Lancope, agrees. In a recent blog post he expanded on the perils of the Dark Web and the other factors that make it so dangerous, explaining that the barrier to entry into the world of cybercrime is exceedingly low as a result of the Dark Web. The only real "skill" a would-be attacker needs is the ability to click "Add to Cart" so he or she can purchase ready-to-launch malware tools.

"This marketplace would have happened earlier but two things needed to become widely available," Keanini said. "One is a network infrastructure that could let cybercriminals operate anonymously and the other is a currency that would let them conduct commerce anonymously: these are the TOR network and Bitcoin, respectively."

Of course, the Dark Web isn't the only threat out there. Last week, McAfee researcher Adam Wosotowsky walked me through the key findings of the McAfee Labs Q4 2013 Threat Report. Another trend that Adam finds concerning is the rise of malicious signed binaries--malware that appears to be legitimate because it is signed using a stolen or malicious certificate.

McAfee Labs identified eight million signed binaries as suspicious. Wosotowsky stressed that this issue calls into question the efficacy and stability of the entire Certificate Authority system--which much of the industry relies on to validate the reputation and credibility of applications before allowing them to execute. Security is predicated on the idea that the Certificate Authority (CA) is secure and reliable, so any software signed with a certificate from a CA is assumed to be safe. Attackers have exploited weak security procedures at some CAs or simply stolen legitimate certificates from other companies to distribute malware that appears to be authentic software.

Check out the full McAfee Labs Threat Report Q4 2013 to find out more about the Dark Web and malicious signed binaries, as well as other trends and concerns identified by McAfee researchers.


Stories by Tony Bradley
