Researchers at Digital Shadows describe Genesis Market, a criminal-to-criminal marketplace that aggregates and sells digital fingerprints to facilitate cyberattacks. The researchers say the criminals behind the operation claim that the marketplace is the “result of research conducted across the antifraud technologies used by 283 major banks and payments systems.”
“Genesis is a fully-gated, invitation-only, English-language automated vending cart (AVC) site focused on the sale of digital fingerprints relating to a (victim) user’s computer, browser, and accounts on websites and services,” the researchers write. “It exists on both the dark web and the clear web since around 2017. These fingerprints include information about a victim’s account, including username and password, but also other identifiers such as browser cookies, IP addresses, user-agent strings, and other operating system details. Wannabe fraudsters would previously have to source these bits separately, until Genesis came along. Cybercriminals use these fingerprints to extrapolate account login details, bank access credentials, or bypass anti-fraud solutions either for personal exploitation or to sell on for financial gain. “
Genesis has since grown to be the most popular fingerprinting service, dwarfing its competition.
“Reputation is critical for new criminal endeavors, and word travels fast,” the researchers write. “Genesis’ unique product offering has gained widespread popularity since its creation around 2017. Since this time, similar and competing platforms have emerged onto the cybercriminal scene like Tenebris and Richlogs (since rebranded as Underworld Market). However, Genesis remains a high-profile and trusted repository of digital fingerprints. Photon analysis from 2020 showed that Genesis commanded 65% of mentions across criminal forums.”
Interestingly, Italy and France have the most listings of any country in the marketplace, although listings for users in the US were the most expensive, at $287.
The cybercriminal industry continues to grow more organized and sophisticated. New-school security awareness training can help your employees defend themselves against phishing and other social engineering attacks.
DigitalShadows has the story.