Thousands Of Stolen Identities Added To Dark Web Markets

Bot detection and mitigation company Netacea has published new research into the Genesis Market, a controlled access Dark Web marketplace that trades in digital fingerprints and enables buyers to impersonate victims online. 
 
According to their report, Buying Bad Bots Wholesale: The Genesis Market, the number of stolen digital identities available on the marketplace has increased from 100,000 to over 350,000 since April 2019, with more than 18,000 being added every month.
 
Netacea says there are Genesis Market bots undertaking large-scale infection of consumer devices with the aim of stealing digital fingerprints, cookies, saved logins, and auto fill form data. This data is then packaged up and put up for sale, with prices that range from less than $1 to $370 for bots containing larger amounts of embedded data.
 
The report says that upon purchase of a Genesis bot, the buyer will receive a custom browser into which they load the data. This allows them to represent themselves online as the person whose information has been stolen. They can then browse the Internet using the stolen information, use saved logins to access the victims accounts, or continue a session if login cookies are available. All without access to the original device.
 
 “We’re caught in a Catch-22," says Netacea’s head of threat research, Matthew Gracey-McMinn."With more companies making the digital leap and an increasing amount of data available online, there's been a surge in data breaches as hackers look to cash in on consumers' data.... As hackers invest more and profit more from attacks, the number of attacks increases. The significant growth of the Genesis Market represents a huge step forward for attackers challenging client-side detection mechanisms and is making that Catch-22 harder to break.”
 
The key findings of the Netacea report include: 
 
• Analysis of the tactics used by Genesis Market bots to mimic genuine users, bypass defences, and access large amounts of private, financial or political information.
 
• In-depth research into the Genesis Security plugin and Genesium Browser, which allow buyers to browse the internet as the victim.
 
• Exploration of anti-detect browsers and how the Genesis Market technology tries to ensure anonymity online. In the Q4 of 2020, the Genesis Market went offline and left many patrons hanging in suspense because most of its users invested a lot of bitcoin in the Genesis Market place wallet. Now that the site has been reconstructed.
 
As a result of the findings, Netacea has invested $300,000 into hiring new threat research analysts to expand its research team and is increasing training for new and existing team members. 
 
Part of the investment will also be dedicated to the creation of a standardised bot management framework for businesses to capture all automated bot threats and their life-cycle in a series of comprehensive kill chains. “As attackers advance, so will cyber security defences... It's an arms race, but automation can and must be used as our secret weapon. Our investment into more research and the creation of a bot management framework will help ensure businesses and their customers remain protected.” says Gracey-McMinn.  
 
 
Netacea:      Digital Shadows:     Security Brief:       The Paypers:      RealWire:       iZooLogic:  
 
You Might Also Read: 
 
Identity Theft - A Very Personal Hacking Attack:
 
 
« Running Out Of Cyber Gas
Cyber Security Shared Skills Group Created »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Resecurity, Inc.

Resecurity, Inc.

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

Kaspersky Lab

Kaspersky Lab

Kaspersky Lab is one of the world’s largest privately held vendors of endpoint cybersecurity solutions.

NetKnights

NetKnights

NetKnights is an independent IT security company which offers services and products for strong authentication, identity management and encryption.

Firedome

Firedome

Firedome's tailormade solution for IoT companies is designed to proactively prevent, detect, and respond to inevitable vulnerabilities in connected devices.

Cyber Range Malaysia

Cyber Range Malaysia

With Cyber Range Malaysia organizations can train their security professionals in empirically valid cyber war-gaming scenarios necessary to develop IT staff skills and instincts for defensive action.

Depth Security

Depth Security

Depth Security assessment services provide organizations with real-world visibility into threats facing their infrastructure and applications.

Guardara

Guardara

Guardara's mission is to help our customers to continuously improve in every aspect of software development.

SHIELD

SHIELD

SHIELD are the world’s leading cybersecurity company specializing in cyber fraud and identity solutions.

Terralogic

Terralogic

Terralogic is a software and IT services company, an expert in IoT, Cloud, DevOps, App development and Cybersecurity.

Accurics

Accurics

Accurics enables self-healing cloud native infrastructure by codifying security throughout your development lifecycle.

SynSaber

SynSaber

SynSaber is a data collection, detection, and visibility solution that forms the foundation of industrial cybersecurity.

BOXX Insurance

BOXX Insurance

BOXX Insurance Inc. is a new type of insurance company for a new type of risk. Cyberboxx is the first fully-integrated cybersecurity and insurance solution for small-to-medium-sized businesses.

BDO Global

BDO Global

BDO is an international network of public accounting, tax and advisory firms which perform professional services under the name of BDO.

Oxford Internet Institute - University of Oxford

Oxford Internet Institute - University of Oxford

The Oxford Internet Institute is a multidisciplinary research and teaching department of the University of Oxford, dedicated to the social science of the Internet.

Kong

Kong

Kong - powering the API world. Increase developer productivity, security, and performance at scale with the unified platform for API management, service mesh, and ingress controller.

L&T Technology Services (LTTS)

L&T Technology Services (LTTS)

L&T Technology Services Limited (LTTS) is a global leader in Engineering and R&D (ER&D) services.

Manifest

Manifest

Manifest is a cybersecurity company dedicated to helping enterprises secure their software supply chains.