Number of stolen digital identities on deep web marketplace skyrockets, Netacea claims
A new report by bot detection and mitigation specialist Netacea has shown a 250 percent increase in stolen digital identities sold on the deep web marketplace Genesis Market in the last two years.
Dubbed ‘Buying Bad Bots Wholesale: The Genesis Market,’ the new document shows an increase from 100,000 illegally obtained identities in April 2019 to over 350,000 today.
The firm also counted more than 18,000 new digital identities being added each month.
According to Netacea, personal information is illegally obtained by malicious actors utilizing bots deployed to commit fraud and infect consumer devices on a large scale.
“We’re caught in a Catch-22,” commented Matthew Gracey-McMinn, head of Threat Research at Netacea. “With more companies making the digital leap and an increasing amount of data available online, there’s been a surge in data breaches as hackers look to cash in on consumer’s data.”
Among the stolen data are digital fingerprints, cookies, saved logins, and autofill form data.
The digital identity information is then packaged to a bot that can be purchased for prices ranging between $1 and $370.
Once the bot is sold, the malicious actor can unpack its content in a custom browser provided with the bot, allowing them to impersonate the individual whose information has been stolen.
“As hackers invest more and profit more from attacks, the number of attacks increases,” Gracey-McMinn explained. “The significant growth of the Genesis Market represents a huge step forward for attackers challenging client-side detection mechanisms and is making that Catch-22 harder to break.”
To tackle these increasing threats, Netacea has recently invested $300,000 (£250,000) in the expansion of its threat research team, as well as the creation of a standardized bot management framework.
The tool will enable businesses to capture most automated bot threats and their life-cycle in a series of comprehensive kill chains.
“As attackers advance, so will cybersecurity defenses,” Gracey-McMinn added.
“It’s an arms race, but automation can and must be used as our secret weapon. Our investment into more research and the creation of a bot management framework will help ensure businesses and their customers remain protected,” he concluded.