Thousands Of Stolen Identities Added To Dark Web Markets

Bot detection and mitigation company Netacea has published new research into the Genesis Market, a controlled access Dark Web marketplace that trades in digital fingerprints and enables buyers to impersonate victims online. 
 
According to their report, Buying Bad Bots Wholesale: The Genesis Market, the number of stolen digital identities available on the marketplace has increased from 100,000 to over 350,000 since April 2019, with more than 18,000 being added every month.
 
Netacea says there are Genesis Market bots undertaking large-scale infection of consumer devices with the aim of stealing digital fingerprints, cookies, saved logins, and auto fill form data. This data is then packaged up and put up for sale, with prices that range from less than $1 to $370 for bots containing larger amounts of embedded data.
 
The report says that upon purchase of a Genesis bot, the buyer will receive a custom browser into which they load the data. This allows them to represent themselves online as the person whose information has been stolen. They can then browse the Internet using the stolen information, use saved logins to access the victims accounts, or continue a session if login cookies are available. All without access to the original device.
 
 “We’re caught in a Catch-22," says Netacea’s head of threat research, Matthew Gracey-McMinn."With more companies making the digital leap and an increasing amount of data available online, there's been a surge in data breaches as hackers look to cash in on consumers' data.... As hackers invest more and profit more from attacks, the number of attacks increases. The significant growth of the Genesis Market represents a huge step forward for attackers challenging client-side detection mechanisms and is making that Catch-22 harder to break.”
 
The key findings of the Netacea report include: 
 
• Analysis of the tactics used by Genesis Market bots to mimic genuine users, bypass defences, and access large amounts of private, financial or political information.
 
• In-depth research into the Genesis Security plugin and Genesium Browser, which allow buyers to browse the internet as the victim.
 
• Exploration of anti-detect browsers and how the Genesis Market technology tries to ensure anonymity online. In the Q4 of 2020, the Genesis Market went offline and left many patrons hanging in suspense because most of its users invested a lot of bitcoin in the Genesis Market place wallet. Now that the site has been reconstructed.
 
As a result of the findings, Netacea has invested $300,000 into hiring new threat research analysts to expand its research team and is increasing training for new and existing team members. 
 
Part of the investment will also be dedicated to the creation of a standardised bot management framework for businesses to capture all automated bot threats and their life-cycle in a series of comprehensive kill chains. “As attackers advance, so will cyber security defences... It's an arms race, but automation can and must be used as our secret weapon. Our investment into more research and the creation of a bot management framework will help ensure businesses and their customers remain protected.” says Gracey-McMinn.  
 
 
Netacea:      Digital Shadows:     Security Brief:       The Paypers:      RealWire:       iZooLogic:  
 
You Might Also Read: 
 
Identity Theft - A Very Personal Hacking Attack:
 
 
« Running Out Of Cyber Gas
Cyber Security Shared Skills Group Created »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

JYVSECTEC - JAMK University of Applied Sciences

JYVSECTEC - JAMK University of Applied Sciences

JYVSECTEC is a cyber security research and development and training centre

IntaForensics

IntaForensics

IntaForensics offer a full range of digital investigation services and are able to adapt to the individual needs of solicitors, private clients, Law Enforcement Agencies and commercial businesses.

Centripetal Networks

Centripetal Networks

Centripetal Networks was founded with one vision - to protect networks from advanced threats by simplifying intelligence-driven security.

Flowmon Networks

Flowmon Networks

Flowmon provide high performance network monitoring technology and behavior analytics to enhance network performance and deal with cyber threats.

Optiv

Optiv

Optiv is a market-leading provider of end-to-end cyber security solutions. We help clients plan, build and run successful cyber security programs that achieve business objectives.

Ubiq Security

Ubiq Security

Ubiq has developed a software solution that secures any type of data, on any device, anywhere, with nearly no impact to system performance or user experience.

Neowave

Neowave

Neowave designs, manufactures and markets strong authentication solutions based on smart card components and digital certificates.

GreyCampus

GreyCampus

GreyCampus is a leading provider of training for working professionals in the areas of Project Management, Big Data, Data Science, Service Management, Quality Management and Information Security.

VIPRE Security Group

VIPRE Security Group

VIPRE Security Group is an award-winning global cybersecurity, privacy and data protection company.

Conviso

Conviso

Conviso is a consulting company specialized in Application Security and Security Research.

Standards Council of Canada (SCC)

Standards Council of Canada (SCC)

SCC leads and facilitates the development and use of national and international standards and accreditation services in Canada.

TES

TES

TES is a provider of IT Lifecycle Services, offering bespoke solutions that help customers manage the commissioning, deployment and retirement of Information Technology assets.

Griffeshield

Griffeshield

Griffeshield is a company specialised in new information technologies used to protect Intellectual Property.

Spamhaus

Spamhaus

Spamhaus is the world leader in supplying realtime highly accurate threat intelligence to the Internet's major networks.

Noname Security

Noname Security

Noname Security detects and resolves API vulnerabilities and misconfigurations before they are exploited.

Cyber Command - Romania

Cyber Command - Romania

Cyber Command represents the military authority responsible for the development, protection and resilience of military IT networks and services that support the Romanian Force Structure.