Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Attacks/Breaches

4/22/2021
09:15 AM
Dark Reading
Dark Reading
Products and Releases
50%
50%

Netacea Releases "Buying Bad Bots Wholesale: The Genesis Market" Report

New report uncovers the tactics used to steal and sell genuine digital fingerprints on the most popular deep web marketplace.

Manchester, UK – 22nd April 2021 – Netacea, the bot detection and mitigation specialist, has today published new research into the Genesis Market, the world’s largest invite-only deep web marketplace that trades digital fingerprints and enables buyers to impersonate a victim online. Netacea’s report ‘Buying Bad Bots Wholesale: The Genesis Market reveals that since April 2019, the number of stolen digital identities available to purchase on the marketplace has increased from 100,000 to over 350,000 today, with more than 18,000 being added each month.

The tasks that the Genesis Market bots undertake involve large-scale infection of consumer devices to steal the digital fingerprints, cookies, saved logins and autofill form data available on them. That data is packaged up and put up for sale, with prices for these bots ranging from less than $1 to $370 for bots that contain more significant amounts of embedded data.

The report reveals that upon purchase of a Genesis bot, buyers receive a custom browser into which they load the data. This enables those buyers to represent themselves online as the individual whose personal information has been stolen. The bot user is able to browse the internet as the victim, use saved logins to access the victim’s accounts or continue a victim’s session if login cookies are available – all without access to the original device.

‘We’re caught in a Catch-22. With more companies making the digital leap and an increasing amount of data available online, there’s been a surge in data breaches as hackers look to cash in on consumer’s data. As hackers invest more and profit more from attacks, the number of attacks increases’, said Matthew Gracey-McMinn, Head of Threat Research at Netacea. ‘The significant growth of the Genesis Market represents a huge step forward for attackers challenging client-side detection mechanisms and is making that Catch-22 harder to break.’

As a result of the findings, Netacea has invested £250,000 ($300,000) into hiring new threat research analysts to expand its threat research team and increasing training for new and existing team members. Part of the investment will also be dedicated to the creation of a standardise bot management framework for businesses to capture all automated bot threats and their life-cycle in a series of comprehensive kill chains.

‘As attackers advance, so will cybersecurity defences,’ continued Matthew Gracey-McMinn. ‘It’s an arms race, but automation can and must be used as our secret weapon. Our investment into more research and the creation of a bot management framework will help ensure businesses and their customers remain protected.’

The report includes:

  • Analysis of the tactics used by Genesis Market bots to mimic genuine users; bypass defences; and access large amounts of private, financial or political information.
  • In-depth research into the Genesis Security plugin and Genesium Browser, which allow buyers to browse the internet as the victim.
  • Exploration of anti-detect browsers and how the Genesis Market technology ensures anonymity online.

The report ‘Buying Bad Bots Wholesale: The Genesis Market’ can be downloaded here: https://www.netacea.com/genesis-market-report-2021/

About Netacea

Netacea, a bot detection and mitigation platform, takes a smarter approach to bot management and is a recognised leader for its innovative use of threat intelligence and machine learning. Netacea’s Intent Analytics™ engine analyses web and API logs in near real-time to identify and mitigate bot threats. This unique approach provides businesses with transparent, actionable threat intelligence that empowers them to make informed decisions about their traffic.

 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Commentary
Cyberattacks Are Tailored to Employees ... Why Isn't Security Training?
Tim Sadler, CEO and co-founder of Tessian,  6/17/2021
Edge-DRsplash-10-edge-articles
7 Powerful Cybersecurity Skills the Energy Sector Needs Most
Pam Baker, Contributing Writer,  6/22/2021
News
Microsoft Disrupts Large-Scale BEC Campaign Across Web Services
Kelly Sheridan, Staff Editor, Dark Reading,  6/15/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
The State of Cybersecurity Incident Response
In this report learn how enterprises are building their incident response teams and processes, how they research potential compromises, how they respond to new breaches, and what tools and processes they use to remediate problems and improve their cyber defenses for the future.
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-35210
PUBLISHED: 2021-06-23
Contao 4.5.x through 4.9.x before 4.9.16, and 4.10.x through 4.11.x before 4.11.5, allows XSS. It is possible to inject code into the tl_log table that will be executed in the browser when the system log is called in the back end.
CVE-2021-27649
PUBLISHED: 2021-06-23
Use after free vulnerability in file transfer protocol component in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to execute arbitrary code via unspecified vectors.
CVE-2021-29084
PUBLISHED: 2021-06-23
Improper neutralization of special elements in output used by a downstream component ('Injection') vulnerability in Security Advisor report management component in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to read arbitrary files via unspecified vectors.
CVE-2021-29085
PUBLISHED: 2021-06-23
Improper neutralization of special elements in output used by a downstream component ('Injection') vulnerability in file sharing management component in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to read arbitrary files via unspecified vectors.
CVE-2021-29086
PUBLISHED: 2021-06-23
Exposure of sensitive information to an unauthorized actor vulnerability in webapi component in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to obtain sensitive information via unspecified vectors.