Skip to content
Search
  • There are no suggestions because the search field is empty.
Cancel
Get Started Now

Genesis Market: a Study in the C2C Economy

Stu Sjouwerman | May 5, 2021

Study of the Criminal to Criminal EconomyResearchers at Digital Shadows describe Genesis Market, a criminal-to-criminal marketplace that aggregates and sells digital fingerprints to facilitate cyberattacks. The researchers say the criminals behind the operation claim that the marketplace is the “result of research conducted across the antifraud technologies used by 283 major banks and payments systems.”

“Genesis is a fully-gated, invitation-only, English-language automated vending cart (AVC) site focused on the sale of digital fingerprints relating to a (victim) user’s computer, browser, and accounts on websites and services,” the researchers write. “It exists on both the dark web and the clear web since around 2017. These fingerprints include information about a victim’s account, including username and password, but also other identifiers such as browser cookies, IP addresses, user-agent strings, and other operating system details. Wannabe fraudsters would previously have to source these bits separately, until Genesis came along. Cybercriminals use these fingerprints to extrapolate account login details, bank access credentials, or bypass anti-fraud solutions either for personal exploitation or to sell on for financial gain. “

Genesis has since grown to be the most popular fingerprinting service, dwarfing its competition.

“Reputation is critical for new criminal endeavors, and word travels fast,” the researchers write. “Genesis’ unique product offering has gained widespread popularity since its creation around 2017. Since this time, similar and competing platforms have emerged onto the cybercriminal scene like Tenebris and Richlogs (since rebranded as Underworld Market). However, Genesis remains a high-profile and trusted repository of digital fingerprints. Photon analysis from 2020 showed that Genesis commanded 65% of mentions across criminal forums.”

Interestingly, Italy and France have the most listings of any country in the marketplace, although listings for users in the US were the most expensive, at $287.

The cybercriminal industry continues to grow more organized and sophisticated. New-school security awareness training can help your employees defend themselves against phishing and other social engineering attacks.

DigitalShadows has the story.

Topics: Social Engineering Cybercrime

See KnowBe4 Security Awareness Training in Action

See how you can efficiently safeguard your organization from sophisticated social engineering threats.

Request a Demo

Secure the Digital Workforce: Human + AI

KnowBe4 empowers the modern workforce to make smarter security decisions every day. Trusted by more than 70,000 organizations worldwide, KnowBe4 is the pioneer of digital workforce security, securing both AI agents and humans. The KnowBe4 Platform provides attack simulation and training, collaboration security, and agent security powered by AIDA (Artificial Intelligence Defense Agents) and a proprietary Risk Score. The platform leverages 15 years of behavioral data to combat advanced threats including social engineering, prompt injection, and shadow AI. By securing humans and agents, KnowBe4 leads the industry in workforce trust and defense.

Stu Sjouwerman

ABOUT STU SJOUWERMAN

Stu Sjouwerman (pronounced “shower-man”) is the Founder and Executive Chairman of KnowBe4, Inc., which hosts the world’s most popular integrated security awareness training and simulated phishing platform, with over 54,000 organization customers and more than 50 million users. A serial entrepreneur and data security expert with 30 years in the IT industry, Stu was the co-founder of Inc. 500 company Sunbelt Software, a multiple award-winning anti-malware software company that was acquired in 2010.

Read more from Stu »

Subscribe the KnowBe4 Blog

Posts By Topic

View All