Thousands Of Stolen Identities Added To Dark Web Markets

Bot detection and mitigation company Netacea has published new research into the Genesis Market, a controlled access Dark Web marketplace that trades in digital fingerprints and enables buyers to impersonate victims online. 
 
According to their report, Buying Bad Bots Wholesale: The Genesis Market, the number of stolen digital identities available on the marketplace has increased from 100,000 to over 350,000 since April 2019, with more than 18,000 being added every month.
 
Netacea says there are Genesis Market bots undertaking large-scale infection of consumer devices with the aim of stealing digital fingerprints, cookies, saved logins, and auto fill form data. This data is then packaged up and put up for sale, with prices that range from less than $1 to $370 for bots containing larger amounts of embedded data.
 
The report says that upon purchase of a Genesis bot, the buyer will receive a custom browser into which they load the data. This allows them to represent themselves online as the person whose information has been stolen. They can then browse the Internet using the stolen information, use saved logins to access the victims accounts, or continue a session if login cookies are available. All without access to the original device.
 
 “We’re caught in a Catch-22," says Netacea’s head of threat research, Matthew Gracey-McMinn."With more companies making the digital leap and an increasing amount of data available online, there's been a surge in data breaches as hackers look to cash in on consumers' data.... As hackers invest more and profit more from attacks, the number of attacks increases. The significant growth of the Genesis Market represents a huge step forward for attackers challenging client-side detection mechanisms and is making that Catch-22 harder to break.”
 
The key findings of the Netacea report include: 
 
• Analysis of the tactics used by Genesis Market bots to mimic genuine users, bypass defences, and access large amounts of private, financial or political information.
 
• In-depth research into the Genesis Security plugin and Genesium Browser, which allow buyers to browse the internet as the victim.
 
• Exploration of anti-detect browsers and how the Genesis Market technology tries to ensure anonymity online. In the Q4 of 2020, the Genesis Market went offline and left many patrons hanging in suspense because most of its users invested a lot of bitcoin in the Genesis Market place wallet. Now that the site has been reconstructed.
 
As a result of the findings, Netacea has invested $300,000 into hiring new threat research analysts to expand its research team and is increasing training for new and existing team members. 
 
Part of the investment will also be dedicated to the creation of a standardised bot management framework for businesses to capture all automated bot threats and their life-cycle in a series of comprehensive kill chains. “As attackers advance, so will cyber security defences... It's an arms race, but automation can and must be used as our secret weapon. Our investment into more research and the creation of a bot management framework will help ensure businesses and their customers remain protected.” says Gracey-McMinn.  
 
 
Netacea:      Digital Shadows:     Security Brief:       The Paypers:      RealWire:       iZooLogic:  
 
You Might Also Read: 
 
Identity Theft - A Very Personal Hacking Attack:
 
 
« Running Out Of Cyber Gas
Cyber Security Shared Skills Group Created »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Resecurity, Inc.

Resecurity, Inc.

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

RedTeam Security

RedTeam Security

RedTeam Security is a provider of Penetration Testing, Social Engineering, Red Teaming and Red Team Training services.

TrustArc

TrustArc

TrustArc provide privacy compliance and risk management with integrated technology, consulting and TRUSTe certification solutions – addressing all phases of privacy program management.

Resolver

Resolver

Resolver’s Integrated Risk Management platform helps plan and prepare your organization to limit the likeliness or impact of security risk and compliance events from occurring.

Secure Decisions

Secure Decisions

Secure Decisions focus on research and product development related to national security including information assurance, computer network defense, cyber security education, and application security.

Core Security

Core Security

Core Security provides threat-aware identity, access, authentication and vulnerability management solutions.

Nordic Cyber Summit

Nordic Cyber Summit

Nordic Cyber Security Summit addresses a wide range of technological issues from the IT Security spectrum and also provides a wider perspective from all aspects of the industry.

Defendify

Defendify

We built Defendify to help small businesses navigate the cybersecurity landscape with cybersecurity that is dead simple, affordable, and works around the clock.

Lionfish Cyber Security

Lionfish Cyber Security

Lionfish Cyber Evolution & Empowerment Model™ empowers SMBs to prepare and protect themselves against cyber threats using a unique combination of on-demand training, support and managed services.

Immuta

Immuta

Immuta empowers data engineering and operations teams to automate data governance, security, access control & privacy protection.

Secura B.V.

Secura B.V.

Secura is an independent specialized cybersecurity expert, providing insights to protect valuable assets and data.

Porto Research, Technology & Innovation Center (PORTIC)

Porto Research, Technology & Innovation Center (PORTIC)

PORTIC brings together several research centers and groups from P.PORTO in a single space, forming a superstructure dedicated to research, technology transfer, innovation and entrepreneurship.

DatChat

DatChat

DatChat Inc. is a blockchain, cybersecurity, and social media company that focuses on protecting privacy on our devices and also protecting our information after we have shared it with others.

HLB Mann Judd (Fiji)

HLB Mann Judd (Fiji)

HLB Mann Judd (Fiji) (formerly known as HLB Crosbie & Associates) is a well-established firm of accountants and business advisers in Fiji.

ID North

ID North

ID North is a Nordic service provider offering identity security to its customers by providing world class expertise and best-in-class solutions and services.

Unisys

Unisys

Unisys is a global information technology company providing industry-focused solutions integrated with leading-edge security to clients in the government, financial services and commercial markets.

Onum

Onum

Onum helps security and IT leaders focus on the data that's most important. Gain control of your data by cutting through the noise for deep insights in real time.