A recent cyberattack has put at least 60,000 users at risk, if not more. At the recently concluded Kaspersky Security Analyst Summit conference in Singapore, it was revealed that a new cybercrime marketplace called “Genesis” was allegedly stealing very sensitive user information including account credentials, browser cookies, user agent details & much more.
Kaspersky security researchers revealed the full extent of the cyberattack, which they said left over 60,000 users vulnerable to identity theft, stolen funds & other forms of attack as a result of exposed account passwords, leaked photos & documents & a long list of other possibilities. The e-shop Genesis uses malware or a rogue browser extension to steal user account passwords as well as the full browser fingerprint without the victims' knowledge, & puts these personal details up for sale on an underground marketplace where hackers purchase them.
It was in February 2019 that Kaspersky Lab research uncovered the Genesis Darknet marketplace – an online shop selling stolen digital masks & user accounts at prices ranging from US $5 to $200 each.
This new attack comes at “an alarming scale”, a lot bigger than anything else we have seen in the past. Genesis claims to have reviewed up to 283 online payment systems & 47 analytical systems to come up with its own highly sophisticated system. What makes this a bigger threat is the fact that Genesis isn’t just selling isolated user data but full digital profiles. This makes it easier for hackers to evade fraud detection systems on websites & other online services.
Genesis has also created a free Chrome extension which hackers can install to automatically import the identity they bought from Genesis, which then turns their browser into a complete clone of the victim's.
According to the Kaspersky researchers, secure websites, especially payment services like PayPal, Amazon & others, have a system in place for detecting abnormal login activity by looking at some additional details, but Genesis was allegedly stealing & selling exactly these details, such as the WebGL signature, browser user-agent details, HTML5 canvas fingerprints, & so on. This way, hackers could almost completely clone the real user’s profile, thus fooling even some of the most modern anti-fraud systems.
Genesis also offers a fully-customizable generator that will help hackers create a unique profile. They can choose the browser, OS, & country of their choice using bits of the stolen information & can adjust it to make it as legitimate-looking as possible.
In order to enhance security, Kaspersky Lab recommends businesses implement the following measures:
- Enable multi-factor authentication at every stage of user validation processes.
- Consider introducing new methods of additional verification, such as biometrics.
- Harness the most advanced analytics for user behavior.
- Integrate Threat Intelligence feeds into SIEM & other security controls in order to get access to the most relevant and up-to-date threat data, & to prepare for possible future attacks.
While experts recommend various advanced anti-fraud mechanisms, such as multi-factor authentication, that can be put in place to manage, detect or prevent these forms of identity theft, they also recommend that law-enforcement agencies take active steps to shut down the infrastructure behind these malicious activities completely.
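A sketch of how an anti-fraud check can follow these recommendations by refusing to treat a matching browser fingerprint as proof of identity. This is an added example, not code from Kaspersky or from this article; the field names, thresholds, and the network (ASN) and typing-cadence signals are assumptions chosen for illustration.

```python
from dataclasses import dataclass
from statistics import median

@dataclass(frozen=True)
class Event:
    account: str
    ts: int             # seconds since epoch
    fingerprint: tuple  # (user_agent, canvas_hash, webgl_hash): all cloneable
    asn: int            # network the request came from (assumed signal)
    typing_ms: float    # median inter-key interval (assumed behavioural signal)
    sensitive: bool     # e.g. payout or password change (assumed flag)

def decide(history, event, window=1800, tolerance=0.5):
    """Return (decision, reasons); decision is 'allow', 'step_up' or 'deny'."""
    prior = [e for e in history if e.account == event.account and e.ts <= event.ts]
    if not prior:
        return "step_up", ["no_history"]
    reasons = []
    same_fp = [e for e in prior if e.fingerprint == event.fingerprint]
    if not same_fp:
        reasons.append("new_fingerprint")
    # A cloned profile shows up as one fingerprint active on two networks
    # at nearly the same time. Roaming users trigger this too, so on its own
    # it only leads to step-up (MFA), not to a block.
    if any(e.asn != event.asn and event.ts - e.ts <= window for e in same_fp):
        reasons.append("fingerprint_on_two_networks")
    # Behaviour is not part of the stolen profile, so compare it to a baseline.
    baseline = median(e.typing_ms for e in prior)
    if abs(event.typing_ms - baseline) > tolerance * baseline:
        reasons.append("behaviour_drift")
    if event.sensitive and len(reasons) >= 2:
        return "deny", reasons
    if event.sensitive or reasons:
        return "step_up", reasons  # a matching fingerprint never skips MFA here
    return "allow", reasons

# Constructed sample data; the ASNs are from the documentation range.
FP = ("Mozilla/5.0 (sample)", "canvas-aaaa", "webgl-bbbb")
HISTORY = [Event("alice", t, FP, 64500, ms, False)
           for t, ms in ((1000, 180.0), (2000, 190.0), (3000, 170.0))]

if __name__ == "__main__":
    replay = Event("alice", 3600, FP, 64511, 60.0, True)
    print(decide(HISTORY, replay))
```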
Image Credit: Kaspersky