Nobody expects the white hats of the IT world to be able to eliminate cyber crime entirely. But, according to McAfee Labs' Threats Report for the fourth quarter of 2013, the good guys are having a tough time even making life difficult for the bad guys.
According to the report, what was most notable during the quarter was not the stream of headlines about massive credit card data breaches affecting retailers like Target, Neiman Marcus, White Lodging, Harbor Freight Tools, Easton-Bell Sports and Michaels Stores. Instead it was, "how well the malware industry served its customers," who don't need much technical expertise to launch their attacks."
The Target malware was a customized version of BlackPOS, which McAfee described as, "far from 'advanced.' The BlackPOS malware family is an 'off-the-shelf' exploit kit for sale that can easily be modified and redistributed with little programming skill or knowledge of malware functionality," the report said.
In short, all the attackers needed was criminal intent and a safe place to work, which is provided by the so-called "Dark Web." As Security Week put it, "cybercriminals are settling into a comfortable place in the 'Dark Web' where they test, refine and distribute malware for online thievery."
Vincent Weafer, senior vice president for McAfee Labs, said in a statement that the attacks "represent a coming of age for both Cybercrime-as-a-Service and the 'Dark Web' overall," which allows criminals to operate as easily as any other legitimate online business.
Indeed, experts agree that there is little hope that law enforcement can disrupt criminals on the Dark Web in any major way. Even the highly publicized shutdown last October of the online narcotics black market Silk Road came after it had been operating for two and a half years. And that was, by the FBI's own admission, because the alleged administrator of Silk Road, Ross William Ulbricht, made a "simple mistake."
The bust didn't do much to curb the market either. A month later, Silk Road 2.0 made its debut, with a similar line of illegal products.
In an interview last December, IDTheftSecurity CEO Robert Siciliano said the Dark Web is, "exponentially larger than what everyday consumers have access to. The tools to search and navigate via Tor (The Onion Router) are getting better every day."
Raj Samani, EMEA CTO at McAfee agreed, saying that a combination of better tools and better service means that it no longer takes special skills to get into the business. The attacks, "are enabled through cybercrime-as-a-service. In other words the ability to outsource products, tools and services to enable a cyberattack means the number of persons capable of conducting an attack is increasing," he said.
Sign up for CIO Asia eNewsletters.