Genesis e-shop | Kaspersky research findings
A research team from Kaspersky Lab released the results of their study on an online cybercrime e-shop they named Genesis. The store trades over 60,000 stolen identities and is a threat to the world’s security. This marketplace and other malicious tools include heavy use of the “digital mask” technique, which is based on machine learning. This process of creating a unique, trusted customer profile is based on known device and behavioral characteristics.
Every time you enter your financial information online, our fraud detection systems will check it for signs of irregular activity. This is the precursor to matching it up with a “digital mask”. The mask then allows our machine-learning anti-fraud solutions to provide a risk score. Very indicative is the risk score of whether or not the transaction has raised any red flags. Different masks are unique to each device and browser used to make online banking and non-banking payments, with advanced analytics and machine learning so you can experience whatever personalized service is available. Banks can use artificial intelligence (AI) to detect fraud. By using AI, they are able to determine if it is us that entered in our login details or if it is a fraudster we’re trying to buy on their behalf and approve or reject the transactions in real-time.
Kaspersky’s findings
Nonetheless, the digital mask can be duplicated and the recent research by Kaspersky Lab revealed that some criminals are adapting to bypass advanced fraud measures. In February 2019, Kaspersky Lab’s investigation uncovered the Genesis Darknet marketplace. This e-shop sells stolen “digital masks” and user accounts and can even be bought for a low price of $5 each. There are a lot of ways to steal data online, one of which is to purchase digital masks that make user activity appear authentic. Victims are tricked into giving up their sensitive information and the hackers profit from it. If someone has signed up for a new service, it is possible for them to gain access to their online accounts by using their email address and password. An attacker can also make new transactions in the victim’s name.
“We see a clear trend of increasing credit card fraud worldwide. Although the industry is investing heavily in anti-fraud measures, catching digital clones is difficult. An alternative way to prevent the spread of this malicious activity is to shut down the fraudsters’ infrastructure. That is why we urge law enforcement authorities worldwide to pay special attention to this issue and join the fight,” said Sergey Lozhkin, security researcher, Kaspersky Lab.
Kaspersky recommendations
In order to enhance security, Kaspersky Lab recommends that businesses implement the following measures:
-
Enable multi-factor authentication at each stage of the user authentication processes.
-
Consider introducing new methods of additional verification, such as biometrics.
-
Use the most advanced analytics for user behaviour.
-
Incorporate Threat Intelligence feedback into SIEM and other security controls to access the most relevant and up-to-date threat data and prepare for potential future attacks.
If you enjoyed reading this post, then you may also like this one.
Author: PC-GR
The World of Technology
