The Genesis Market is different from other underground markets selling stolen information. Rather than hiding solely behind the dark web's anonymity, this cybercriminal shop is easily accessible on the public internet, as well as through the dark web for anyone who prefers it there. On the other hand, one needs an invitation to enter this illegal marketplace, since it strictly enforces an invitation-only system. Once inside, users see a systematised marketplace, similar to any e-Commerce website, where attackers can purchase various stolen sensitive information and digital fingerprints.
To gain access to their victims' online accounts, the threat actors pass themselves off as those victims by means of device fingerprinting. Device fingerprinting is the process of gathering and classifying unique data from an electronic device to validate a user's identity. Presenting a victim's fingerprint enables attackers to evade traditional cybersecurity and anti-fraud defences.
Genesis Market’s process of data theft
The first steps in stealing private information are intruding on the victims' devices with malware and account takeover (ATO) bots. This enables the cybercriminals to collect the victims' login credentials, device fingerprints, and even browser cookies and form autofill data. Once harvested, the information is put up for sale on the Genesis Market. It is listed as packaged bots, which let buyers assume someone else's identity online.
The price of these packaged bots ranges from a low of ¢70 up to at least $350. The price depends on the complexity and the amount of information the buyer is interested in. Sensitive financial details and access to online banking accounts are usually the most expensive packages, since they enable the attacker to plausibly steal wealth from the target online.
The part threat actors most look forward to comes after a successful transaction: a customised browser into which all the information and credentials they bought are loaded, enabling them to efficiently use the victim's identity and continue any existing internet sessions. To top it all, the attacker does not need the victim's original device to carry out these illegal activities.
The potential of the Genesis Market, according to cybersecurity research
In April 2019, iZOOlogic and external researchers came across the Genesis Market's presence in the cybersecurity world. According to their reports, at least a hundred thousand items of stolen data were live for purchase in this illegal marketplace. Fast forward to April 2021, and there were over 350,000 packaged bots live and available for purchase inside the Genesis Market. The potential of this illegal platform has increased up to 250% over time, meaning it is indeed being patronised by many attackers worldwide. In more detail, batches of at least 18,000 stolen credentials are added each month.
Genesis Market's sophisticated platform
Genesis Market's professionalised user interface, operation, and facilitation have evidently contributed to the drastic growth of the platform over time. An estimated millions of dollars are possibly circulating through the Genesis Market, given the amount of stolen data and bot packages that are on sale and are being patronised by many attackers worldwide.
Many could even mistake the Genesis Market for an authentic e-Commerce or software services site due to its intuitive overall user experience.
On top of that, each purchase comes with a customised Chromium-based anti-detect browser called Genesium. Through it, buyers are able to act as their victims online as smoothly as advertised.
The effect of attackers’ growing performance against cybersecurity
The way the Genesis Market is performing is proof that it, along with other credential marketplaces and cybercriminals, has ways to effectively evade cybercrime defences. One technique used by anti-fraud defenders is verifying an authentic user's identity by matching device fingerprints to their credentials. However, Genesis Market bots elude such defences by infecting legitimate devices and stealing their fingerprints.
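The fingerprint-to-credential matching described above can be sketched as follows, to show why a check that relies on the fingerprint alone cannot tell the enrolled device from a copy of its attributes. This is an added example, not code from the original article or from any anti-fraud product; the attribute names, the `FingerprintCheck` class and the sample values are assumptions constructed for illustration.

```python
import hashlib
import hmac
import json

# Illustrative attribute set (assumption); real products collect many more signals.
FINGERPRINT_FIELDS = ("user_agent", "screen", "timezone", "language", "fonts", "canvas_hash")

def device_fingerprint(attrs: dict) -> str:
    """Hash a canonical form of the collected device attributes."""
    canonical = json.dumps({k: attrs.get(k) for k in FINGERPRINT_FIELDS}, sort_keys=True)
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()

class FingerprintCheck:
    """Matches a login's fingerprint against those enrolled for the account."""

    def __init__(self):
        self._enrolled = {}  # username -> set of fingerprint hashes

    def enroll(self, username: str, attrs: dict) -> None:
        self._enrolled.setdefault(username, set()).add(device_fingerprint(attrs))

    def verify(self, username: str, attrs: dict) -> bool:
        candidate = device_fingerprint(attrs)
        known = self._enrolled.get(username, ())
        return any(hmac.compare_digest(candidate, fp) for fp in known)

# Constructed sample data, not taken from any real device.
VICTIM_DEVICE = {
    "user_agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) ExampleBrowser/1.0",
    "screen": "1920x1080",
    "timezone": "Europe/London",
    "language": "en-GB",
    "fonts": ["Arial", "Calibri", "Segoe UI"],
    "canvas_hash": "a1b2c3d4",
}
# A genuinely different machine: some attributes differ.
OTHER_DEVICE = dict(VICTIM_DEVICE, screen="1366x768", canvas_hash="0f9e8d7c")
# The same attribute values presented from another machine (serialised and reloaded).
REPLAYED_COPY = json.loads(json.dumps(VICTIM_DEVICE))

def demo() -> dict:
    check = FingerprintCheck()
    check.enroll("alice", VICTIM_DEVICE)
    return {
        "victim_device": check.verify("alice", VICTIM_DEVICE),
        "unknown_device": check.verify("alice", OTHER_DEVICE),
        "replayed_fingerprint": check.verify("alice", REPLAYED_COPY),
    }

if __name__ == "__main__":
    print(demo())
```

The replayed copy is accepted because the check compares only attribute values, so it has to be combined with signals that are not part of the stolen package before it is treated as proof of identity.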
To conclude on what this could mean for cybersecurity: AI-driven defences are struggling, and many more ways are needed to defend the cybersecurity world against its growing threats.
Tables also turn between cybercriminals
As some cybersecurity researchers put it, what goes around comes around: underground marketplaces can leak and breach one another's data. In other words, it is not always a sunny day for illegal markets such as Genesis, as there is always a chance that their platform could be breached by other markets, as stated by recent research findings.
An example of this is Swarmshop, a mid-size marketplace for stolen private and purchasing records that has been operational since April 2019. In its most recent attack, Swarmshop suffered data dumps of hundreds of thousands of stolen payment card records from around the world. Also leaked were thousands of records on admins, sellers, and buyers, comprising their contact data, pseudonyms, and illegal activity history. They believe that this mishap was caused by their rival cybercriminals.
Since such incidents are not isolated and are becoming more common across the world of cybercrime, innocent victims' stolen credentials are increasingly endangered, with more chances of their private information being breached and circulated.