Genesis: The online store that hides tens of thousands of clone profiles

© Provided by: P.ATHANASIADES & Co. SA

Kaspersky Lab has published the results of its research into Genesis, an online store that trades more than 60,000 stolen and legitimate digital identities, making credit card fraud easier and more effective than ever.

This market, along with other malicious tools, abuses the machine-learning-based anti-fraud technique of “digital masks”: unique, trusted customer profiles built from known device and behavioral characteristics.

Whenever we enter financial, payment-related or personal information during an online transaction, advanced analytical, machine-learning-based anti-fraud solutions match it against what is called the “digital mask”. These masks are unique to each user and combine the fingerprints of the devices and browsers commonly used for online banking and payments (such as screen and operating system information and a range of browser data such as headers, time zone, installed add-ons, window size, etc.) with advanced analytics and machine learning (individual users' cookies, online and computer behavior, etc.). In this way, the anti-fraud teams of financial institutions can determine whether it is really us entering our login credentials or a scammer trying to buy goods with a stolen card, and then approve the transaction, reject it or send it for further analysis.

However, the “digital mask” can be copied or created from scratch, and Kaspersky Lab's research found that cybercriminals actively use such “digital clones” to bypass advanced anti-fraud measures. In February 2019, Kaspersky Lab's research uncovered Genesis, a darknet marketplace: an online store that sold stolen “digital masks” and user accounts at prices ranging from $5 to $200 each. Customers simply buy stolen “digital masks” together with stolen passwords and login data for online stores and payment services, and then load them through a browser and proxy connection to mimic the real user's activity. With the legitimate login credentials for a user's account, the attacker can then access that user's online accounts or make new, trusted transactions in their name.

To strengthen security, Kaspersky Lab recommends that companies implement the following measures:

• Enable multi-factor authentication at every stage of the user validation process.

• Consider introducing new methods of additional verification, such as biometrics.

• Take advantage of the most advanced analytics for user behavior.

• Integrate Threat Intelligence feeds into SIEM and other security controls to gain access to the most relevant and up-to-date threat data and prepare for potential future attacks.
