Target_LogoAs details about the Target report were first released, you might recall the words used to describe the attackers work: “sophisticated,” “advanced” and “highly skilled.” A report from McAffee, the security firm, says “not so much!” McAfee said in it’s fourth quarter security report that Target Corp.’s monster security breach was anything but sophisticated or exotic.

Countering assertions by Target and the U.S. Secret Service that the hackers were highly technical, McAfee said attackers used easily modified off-the-shelf malware and common methods to hide it.

The report said the thieves encrypted neither the instructions on where to send the stolen card data nor the card information itself as it was being transmitted out of Target to a remote server, a data stream that should have been detected and caught. The report describes it as follows: “As an attack, it is extremely unimpressive and unremarkable.”  Read the report for the full details.

Additional McAfee Q4 2013 Findings

  • Mobile malware. McAfee Labs collected 2.47 million new mobile samples in 2013, with 744,000 in the fourth quarter alone. Their mobile malware zoo of unique samples grew by an astounding 197 percent from the end of 2012.
  • Ransomware. The volume of new ransomware samples rose by 1 million new samples for the year, doubling in number from Q4 2012 to Q4 2013.
  • Suspicious URLs. McAfee Labs recorded a 70 percent increase in the number of suspect URLs in 2013.
  • Malware proliferation. In 2013, McAfee Labs found 200 new malware samples every minute, or more than three new threats every second.
  • Master boot record-related. McAfee Labs found 2.2 million new MBR-attacks in 2013.

A lot going on out there!