Digital Fingerprint Theft Helps Cybercriminals Circumvent Advanced Security Protocols
August 22nd, 2019
Threat actors are constantly on the hunt for new vulnerabilities, exploits, and attack vectors to infiltrate increasingly secure corporate networks and wreak havoc. As organizations have in recent years emphasized identity protection for employees and others who have access to their sensitive data, cybercriminals have done their best to keep up. One new method that has grown in popularity over the past year is the theft of “digital browser identities” to accurately mimic users’ properties and fool even advanced security systems.
What are Digital Identities?
While the Genesis market has been selling digital identities on the dark web since last year, a new black market has emerged as an ostensible competitor. This new market, called Richlogs, collects and sells stolen “digital fingerprints” of a user’s web browsing device – such as their IP address, OS information, time zone, user behavior, and more. Buyers can use these fingerprints to impersonate legitimate online users and bypass security protocols, offering full credentialed access to sites stored in the victim’s browser. Some common examples of accounts accessed are email inboxes, social media networks, retail and ecommerce sites, bank accounts, credit card accounts, government tax and record sites, and confidential corporate systems.
What is Digital Fingerprinting?
Legitimate businesses use fingerprinting to prevent fraud by verifying that the person logging in to a website with a username and password is the legitimate account holder. Fingerprinting systems use technical details to verify users and prevent unauthorized access – for example, they process screen resolution, time zone, OS information, regular user behavior, and other unique user details. This is what happens when a user logs into their account on a new device or from a new location for the first time and immediately receives an alert from the system asking them to confirm that the login is valid.
How are Digital Identities Stolen?
As with most types of identity or data theft, cybercriminals begin the digital identity theft process by infecting a device. They use specialized malware, called a “stealer,” to harvest multiple indicators and session cookies required to access sites as the targeted user. While stealers are by no means new, having existed since the early days of the dark web, Richlogs and Genesis Market have introduced a new breed of stealers specifically designed to collect digital fingerprints and artifacts. These stealers are often spread through social engineering tactics like spam emails, malicious attachments, phishing links, malicious apps, and malvertising.
The Implications of the Digital Identities Market
The level of intrusion into a victim’s life that digital identities provide is alarming. It goes beyond credit cards, bank accounts, and personally identifiable information (PII) – digital identities give threat actors the ability to completely hijack a user’s browsing identity. The larger the victim’s digital footprint, the more extensive the damage can be. Security screening has become more sophisticated by cross-referencing user details beyond the name and password attached to the account. Stolen digital identities give hackers the ability to match these advanced details at a granular level, to the extent that they are often indistinguishable from the legitimate user – allowing them to operate without raising any suspicion from the user or the compromised security system.
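The fingerprint check described under "What is Digital Fingerprinting?" and the blind spot described above can be seen in a small defender-side sketch. This is an added example, not code from IntSights or from any real fraud-detection product; the attribute weights, the alert threshold, and all sample values are assumptions constructed for illustration.

```python
from dataclasses import dataclass, asdict

# Attributes the article lists as fingerprint inputs. The weights and the
# alert threshold are assumptions made for this example.
WEIGHTS = {"ip_address": 0.3, "os": 0.3, "time_zone": 0.2, "screen_resolution": 0.2}
ALERT_THRESHOLD = 0.3


@dataclass(frozen=True)
class Fingerprint:
    ip_address: str
    os: str
    time_zone: str
    screen_resolution: str


def mismatches(known: Fingerprint, seen: Fingerprint) -> list:
    """Names of the attributes that differ from the enrolled fingerprint."""
    k, s = asdict(known), asdict(seen)
    return sorted(name for name in WEIGHTS if k[name] != s[name])


def assess_login(known: Fingerprint, seen: Fingerprint) -> tuple:
    """Return (decision, risk score, differing attributes) for a login."""
    diff = mismatches(known, seen)
    score = round(sum(WEIGHTS[name] for name in diff), 2)
    decision = "alert" if score >= ALERT_THRESHOLD else "allow"
    return decision, score, diff


# Constructed sample data (documentation IP ranges, invented devices).
ENROLLED = Fingerprint("192.0.2.10", "Windows 10", "America/New_York", "1920x1080")
NEW_DEVICE = Fingerprint("198.51.100.7", "macOS 10.14", "Europe/Berlin", "1440x900")
NEW_MONITOR = Fingerprint("192.0.2.10", "Windows 10", "America/New_York", "2560x1440")
# A profile harvested by a stealer reproduces every enrolled attribute.
REPLAYED = Fingerprint(**asdict(ENROLLED))

if __name__ == "__main__":
    for label, fp in [("new device", NEW_DEVICE), ("new monitor", NEW_MONITOR),
                      ("replayed profile", REPLAYED)]:
        print(label, assess_login(ENROLLED, fp))
```

The replayed profile scores zero and is allowed, which is why a fingerprint match on its own cannot be treated as proof that the legitimate user is present.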
How to Protect Your Organization From Digital Identity Fraud
The digital identities market has brought about a wave of new risks that both organizations and individuals must consider. Threat actors continue to innovate in order to find new ways to gain unauthorized access, steal information, and conduct fraud. Security professionals must monitor the landscape closely to identify these new tactics and take proactive measures to protect their networks, employees, brands, and customers from new forms of cyberattack.
Digital identity theft presents a critical challenge to cybersecurity teams. Learn how to prevent it from devastating your organization in our new report, Digital Browser Identities: The Hottest New Black Market Good.
Kevin Diffily is a Product Marketing Manager at IntSights. He strives to provide security teams with the knowledge and tools they need to enable proactive defense against emerging cyberattacks. Kevin has a background in journalism, brand development, content marketing, and social media management. He received his B.A. in Communication from Curry College and his M.A. in Integrated Marketing Communication from Emerson College. He is a staunch proponent of gratuitous Oxford comma use.