Thousands Of Stolen Identities Added To Dark Web Markets

Uploaded on 2021-05-11 in NEWS-Cybersecurity News, GOVERNMENT-Law Enforcement, FREE TO VIEW

Bot detection and mitigation company Netacea has published new research into the Genesis Market, a controlled access Dark Web marketplace that trades in digital fingerprints and enables buyers to impersonate victims online. 
 
According to their report, Buying Bad Bots Wholesale: The Genesis Market, the number of stolen digital identities available on the marketplace has increased from 100,000 to over 350,000 since April 2019, with more than 18,000 being added every month.
 
Netacea says there are Genesis Market bots undertaking large-scale infection of consumer devices with the aim of stealing digital fingerprints, cookies, saved logins, and auto fill form data. This data is then packaged up and put up for sale, with prices that range from less than $1 to $370 for bots containing larger amounts of embedded data.
 
The report says that upon purchase of a Genesis bot, the buyer will receive a custom browser into which they load the data. This allows them to represent themselves online as the person whose information has been stolen. They can then browse the Internet using the stolen information, use saved logins to access the victims accounts, or continue a session if login cookies are available. All without access to the original device.
 
 “We’re caught in a Catch-22," says Netacea’s head of threat research, Matthew Gracey-McMinn."With more companies making the digital leap and an increasing amount of data available online, there's been a surge in data breaches as hackers look to cash in on consumers' data.... As hackers invest more and profit more from attacks, the number of attacks increases. The significant growth of the Genesis Market represents a huge step forward for attackers challenging client-side detection mechanisms and is making that Catch-22 harder to break.”
 
The key findings of the Netacea report include: 
 
• Analysis of the tactics used by Genesis Market bots to mimic genuine users, bypass defences, and access large amounts of private, financial or political information.
 
• In-depth research into the Genesis Security plugin and Genesium Browser, which allow buyers to browse the internet as the victim.
 
• Exploration of anti-detect browsers and how the Genesis Market technology tries to ensure anonymity online. In the Q4 of 2020, the Genesis Market went offline and left many patrons hanging in suspense because most of its users invested a lot of bitcoin in the Genesis Market place wallet. Now that the site has been reconstructed.
 
As a result of the findings, Netacea has invested $300,000 into hiring new threat research analysts to expand its research team and is increasing training for new and existing team members. 
 
Part of the investment will also be dedicated to the creation of a standardised bot management framework for businesses to capture all automated bot threats and their life-cycle in a series of comprehensive kill chains. “As attackers advance, so will cyber security defences... It's an arms race, but automation can and must be used as our secret weapon. Our investment into more research and the creation of a bot management framework will help ensure businesses and their customers remain protected.” says Gracey-McMinn.  
 
 
Netacea:      Digital Shadows:     Security Brief:       The Paypers:      RealWire:       iZooLogic:  
 
You Might Also Read: 
 
Identity Theft - A Very Personal Hacking Attack:
 
 
« Running Out Of Cyber Gas
Cyber Security Shared Skills Group Created »

CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

Cyberlytic

Cyberlytic

Cyberlytic applies artificial intelligence to combat the most sophisticated of web application threats, addressing the growing problem of high volumes of threat data.

CSA Events

CSA Events

Cloud Security Alliance conducts a series of conferences around the world. This listing provides a link to details of upcoming events.

Array Networks

Array Networks

Array Networks, the network functions platform company, develops purpose-built systems for hosting virtual networking and security functions with guaranteed performance.

ThreatSTOP

ThreatSTOP

ThreatSTOP is a cloud-based automated threat intelligence platform that converts the latest threat data into enforcement policies to stop attacks before they become breaches.

DigitalXRaid

DigitalXRaid

DigitalXRAID is driven and motivated to ensure the bad guys don’t win. We’re dedicated to providing our clients with state-of-the-art cyber security solutions.

VIPRE Security Group

VIPRE Security Group

VIPRE Security Group is an award-winning global cybersecurity, privacy and data protection company.

Findcourses.co.uk

Findcourses.co.uk

Findcourses is a dedicated education search engine designed to make it easy for our learners to search and find exactly what they need from our community of trusted training providers.

Maven Security Consulting

Maven Security Consulting

Maven Security Consulting helps companies secure their information assets and digital infrastructure by providing a wide range of customized consulting and training services.

SecZetta

SecZetta

SecZetta provides third-party identity risk solutions that are easy to use, and purpose built to help organizations execute risk-based identity access and lifecycle strategies.

BreachLock

BreachLock

Breachlock delivers the most comprehensive Penetration Testing as a Service (PtaaS) powered by Certified Hackers and AI.

Everbridge

Everbridge

Everbridge provides enterprise software applications that automate and accelerate organizations’ operational response to critical events in order to keep people safe and businesses running.

Solvere One

Solvere One

Solvere One is a managed service provider (MSP) focused on corporate consulting and partnership.

VLC Solutions

VLC Solutions

VLC Solutions is an independent solutions and technology service provider offering Cloud Services, Cybersecurity, ERP Services, Network Management Services, and Compliance Solutions.

Sec3

Sec3

Sec3 is a security and research firm providing bespoke audits and cutting edge tools to Web3 projects.

Doherty Associates

Doherty Associates

Drawing on our deep industry knowledge and business insight, Doherty deliver intelligent IT solutions and services that help people work more securely, more productively and more creatively.

Assurestor

Assurestor

Assurestor's singular focus is delivering leading cloud-based backup and disaster recovery designed to increase levels of IT resilience.