Security researchers at McAfee Labs identified 200 new malware samples per minute, or more than three new threats every second, during 2013, with a marked upswing in point-of-sale attack vectors in the final quarter.
The McAfee Labs fourth quarter threats report
highlights the role of the "dark web" malware industry as a key enabler of the high-profile point-of-sale (POS) attacks and data breaches that struck Target and other US retailers in the fall of 2013.
The report brings to light the growing ease of purchasing POS malware online, and selling stolen credit card numbers and other personal consumer data. It finds that the POS malware used in the attacks were relatively unsophisticated technologies likely purchased "off the shelf" from the Cybercrime-as-a-Service community, and customised specifically for these attacks.
McAfee researchers says that thieves on underground crime forums are offering for sale some of the 40 million credit card numbers reported stolen from Target in batches of between one million and four million at a time.
Vincent Weafer, senior vice president for McAfee Labs, says: "For security practitioners, the 'off the shelf' genesis of some of these crime campaigns , the scale of operations, and the ease of digitally monetizing stolen customer data all represent a coming of age for both Cybercrime-as-a-Service and the 'dark web' overall."