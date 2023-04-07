Genesis Market, the main cybercrime company, has been dismantled, according to the FBI and the authorities of 17 countries that participated in the ‘Cookie Monster’ operation. The result of this large-scale operation was the arrest of 120 cybercriminals. However, the mastermind behind the organization that stole the personal data of more than two million people around the world has still not been arrested and computer security is still under threat from various actors.

A black market on the Internet without equal. The figures left by the theft of personal data and the sale of these to cybercriminals through the Genesis Market website alert users of cyberspace and the authorities of various countries. The UK National Crime Agency (NCA) reported that the Genesis Market service was home to around 80 million stolen digital credentials and fingerprints.

The stolen personal information mainly concerns bank account passwords, so Genesis Market also committed financial crimes. At the same time, accounts of social networks and of different applications of mainstream they were captured and sold for pennies or hundreds of dollars, depending on the importance and amount of personal information.

Modus operandi of the black market in cyberspace

Anyone handling data on the Internet, whether through the use of social networks, online bank account management, or simply by surfing the net and accessing the use of personal data from websites, can be a victim of cybercrime companies. .

cookies refers to the small files that a web server sends to the hard drive of the Internet user who visits it with information about their preferences and browsing patterns. The cookies browsers allow people to log in to websites without the need for a complex authentication process. Cybercriminals using Genesis Market bought language from software or programming, including cookies Browser and fingerprint data that track a user’s online activity.

Genesis Market offered applications of software automated machines that perform repetitive tasks on a network —named as bots— that they used to steal user data. A procedure that they carried out by infecting their devices through any type of software malware designed to damage or exploit vulnerabilities in any network—known as malware— or by attacks to access digital service accounts. In addition to providing the stolen databases, they included the tools to use those bots.

Genesis didn’t just offer usernames and passwords, either.. He also delivered the cookies necessary for the site the hijacker was trying to link to to actually believe it was dealing with its legitimate customer.

The cookies they store all the browsing information necessary for a site to identify who is trying to connect without the need for double identification, making it easier for cybercriminals. if the cookie is still active, the target site will have no reason to use one of the double identification methods such as sending an SMS confirmation request.

He malware used by Genesis to steal credentials was also kept on the hacked computers so that it could steal passwords as soon as they were updated. This ensured that their clients always had the latest version of the necessary identifiers. An advantage of Genesis Market over other black market companies on the Internet.

Some warning signs that personal data may be at risk

Browsing implies a danger if you do not have knowledge of the operation of the websites you visit. Computer viruses mostly enter devices through deceptive advertising, which is generally found on pornography or gaming pages; even sometimes on sites like Spotify, Yahoo, YouTube or Amazon, Tech giants being targeted by criminal companies tasked with malvertising.

But the theft of personal information is not only through deceptive advertising that is mistakenly or intentionally clicked on. Computer viruses also attack devices by using the aforementioned cookies. Every time a user enters a website and it asks him to accept the use of cookies, You are allowing access to all the files and data that the user stores on the device. Which sometimes represents a possibility for cybercriminals who may have hacked websites.

The future of cybersecurity

The takedown of Genesis Market is a strong blow to cybercrime.

“While underground marketplaces selling stolen credentials are not a new thing, Genesis Market was one of the first to focus on fingerprinting and browser cookies to enable account takeover despite the growing adoption of multi-factor authentication.” , according to researchers at cybersecurity firm Trellix.

Consequently, andTrellix’s threat intelligence lead, John Fokker, said the removal “would have a noticeable impact on the activities of cybercriminals focused on using stolen credentials for the remainder of the year.”

However, this is not the end of the war against this type of black market on the web. First, because “the creators of the site were not stopped,” John Fokker told France 24, and they could be tempted to rebuild their empire. And second, because Genesis Market has competitors looking to take its place as Russian Market.

