Bot detection specialist Netacea is looking to expose a major player in the criminal dark web with its publication of a new report.
Titled “Buying Bad Bots Wholesale: The Genesis Market”, the report details an online repository of “digital fingerprints” – data like cookies, saved login credentials, and autofill information that can be used to identify individuals online. The Genesis Market is operating out in the open in the sense that it can be found with a simple Google search, but it’s invite-only. Netacea appears to have found a way inside, or at least has made contact with reliable insiders, judging by its report.
Netacea says that since April of 2019, the number of stolen digital identities being traded on the Genesis Market has risen from 100,000 to more than 350,000, and that over 18,000 are being added each month. Prices for data packages range from under a dollar to $370.
These data packages are sold as “bots” that allow the buyer to load up a custom browser that essentially disguises them as their victim. And this opens the door to their digital accounts, and potentially more of the kinds of data breaches that can spill PII into the dark web.
“With more companies making the digital leap and an increasing amount of data available online, there’s been a surge in data breaches as hackers look to cash in on consumer’s data,” explained Netacea Head of Threat Research Matthew Gracey-McMinn. “As hackers invest more and profit more from attacks, the number of attacks increases.”
The findings underline the need for strong online authentication mechanisms, such as FIDO-compliant security keys and biometrics, especially in the wake of a pandemic that has driven even more daily business – and sensitive data – into online channels. Netacea, meanwhile, is looking to escalate its cyberthreat research, with the company announcing that it has invested £250,000 into hiring more research analysts.
The company’s full report is available from its website.