Netacea: Stolen identity sales in criminal marketplace up 250% since 2019

Join Transform 2021 this July 12-16. Register for the AI event of the year.


The number of stolen digital identities available on the Genesis Market has risen from 100,000 in April 2019 to over 350,000 in March 2021, with over 18,000 added each month, Netacea, the bot detection and mitigation specialist, said in new research into the world’s largest invite-only deep web marketplace for stolen information.

The Genesis Market has information for all of the major services.

Above: Figure 2 shows the resources that exist on a “bot” in the upper price range of the Genesis Market. There are multiple accounts for many well-known services and a wealth of other accounts from services unrecognized by Genesis; such as academic accounts. (Source: Buying Bad Bots Wholesale: The Genesis Market)

Image Credit: Netacea

The Genesis Market is an illegal online marketplace for stolen credentials.

While many underground markets for stolen credentials operate from the anonymity of the dark web, Genesis Market is accessible from the open web. Access to the illegal marketplace is closely guarded by a strict invitation system, but once inside, users are presented with a well-organized one-stop-shop of stolen digital identities.

This data takes the form of device fingerprints, which allow users to essentially wear the “mask” of their victim online, gaining access to all their online accounts whilst bypassing traditional anti-fraud and cybersecurity defenses.

Cybercriminals target victims with malware and account takeover (ATO) bots to infiltrate their devices and harvest login credentials, as well as cookies, form autofill data and device fingerprints. These are then put up for sale on Genesis Market as packaged “bots” which are used to impersonate victims online. The asking price per bot can range from as little as $0.70 up to around $350 depending on the amount and nature of the data. The most expensive will contain financial details to allow access to online banking accounts. Upon purchase, consumers are provided with a custom browser to load the data into and are free to browse the internet masquerading as the hapless victim, use saved logins to access their accounts and – where login cookies exist – continue a victim’s session. All without any access to the original device.

Read more in Netacea’s full report Buying Bad Bots Wholesale: The Genesis Market

VentureBeat

VentureBeat’s mission is to be a digital town square for technical decision-makers to gain knowledge about transformative technology and transact. Our site delivers essential information on data technologies and strategies to guide you as you lead your organizations. We invite you to become a member of our community, to access:

  • up-to-date information on the subjects of interest to you
  • our newsletters
  • gated thought-leader content and discounted access to our prized events, such as Transform 2021: Learn More
  • networking features, and more

Become a member

Source

Leave a Comment