Captured through malware and sold on the Dark Web, the "digital fingerprints" of your web browsing can be used to impersonate your identity online, as described in a new report from IntSights.
Cybercriminals use a variety of tricks to try to steal and use your personal information for financial gain and other reasons. Your online passwords, your credit card numbers, your social security number, your bank account numbers, and other private data can all be used to access your accounts and steal your identity. But another way cybercriminals attempt to use your own information and activities against you is through your "digital fingerprint," a trail of breadcrumbs that gets collected as you browse the Web, according to a report released Wednesday by IntSights.
As you use different websites, a fingerprint is created with certain information, such as your IP address, operating system data, time zone, and even certain user behavior. Such fingerprinting is used by many online companies as an anti-fraud method to verify your website account with your username and password. But as with many things designed to protect us, fingerprinting has been co-opted by cybercriminals to steal your digital identity.
By infecting computers and mobile devices with malware known as stealers, cybercriminals can pilfer session cookies and other indicators of your web activity. Stealers are often aimed at specific browsers such as Chrome and Firefox and at specific websites such as banking and financial sites. By capturing your fingerprint, criminals then can tap into your digital identity, allowing them to access your email accounts, social media profiles, bank and credit card accounts, retail and e-commerce sites, and even login pages for your company.
As with most stolen data, digital identities are traded on the Dark Web. IntSights' report describes two marketplaces for this information: Genesis and Richlogs. Around since November 2018, Genesis was the first market to sell digital identities on the Dark Web. Richlogs is the newer kid on the block, appearing in April 2019. Genesis currently offers more than 100,000 profiles of victims, while Richlogs' inventory is limited right now to just 1,105 accounts for sale.
A compromised user account is priced based on the amount of login data it offers. A user account with a couple of websites might fetch only a few dollars. An account with dozens of sites can sell for $200-$250. Reviewing the user profiles up for sale, IntSights said it found multiple corporate login pages that could allow hackers to easily access a business network. Some profiles were also found to have accessed government sites. Buying a user profile or digital identity on the Dark Web this way not only paves the way for financial crimes but can also be used by people conducting corporate espionage.
To safeguard yourself and your organization from this type of digital identity fraud, IntSights offers the following recommendations:
Continuously monitor digital identity markets. Monitoring these markets can help you identify compromised identities early so you can more diligently monitor traffic and/or enhance the verification methods for user logins.
"Organizations can use services of threat intelligence companies such as IntSights to monitor their assets on markets such as Richlogs and Genesis," Ariel Ainhoren, head of research for IntSights, told TechRepublic. "Getting to them is not too complicated, and with decent protection measures such as a VPN, it is not too risky as well. But most small-medium organizations won't have the time to invest in monitoring these markets and the other dark web activity. They will usually notice that something is wrong only after threat actors will make use of these identities. This is what makes digital identity fraud and these markets so dangerous."
Enable two-factor authentication. Asking for a second (or even third) variable to authenticate your users makes it more difficult for hackers to access your accounts. You might adopt a form of mobile verification or ask security questions that only the user would know.
Regularly update fingerprinting protocols. If your company uses digital fingerprinting to verify user accounts, make sure you regularly update these protocols and add more points of authentication to keep up with the hackers.
Consistently clear cookies and browsing history. Clearing your cookies and browsing history limits the extent of your "digital history" and won't put more websites and accounts at risk if your device becomes infected.
Change passwords regularly. Changing passwords and not reusing the same passwords can significantly reduce your risk of compromise.
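The sketch below shows how the fingerprint check, market monitoring and two-factor recommendations fit together on the server side. It is an added example, not code from IntSights or from any site mentioned in the article. The attribute weights, the threshold, the user names and the `FLAGGED` feed are all assumptions made for illustration.

```python
from dataclasses import dataclass

# Points per matching attribute; the attributes follow the article's list
# (IP address, operating system, time zone), the weights are assumptions.
WEIGHTS = {"ip_prefix": 20, "os": 30, "time_zone": 20, "browser": 30}
ALLOW_THRESHOLD = 80  # assumed cut-off, out of 100


@dataclass(frozen=True)
class Fingerprint:
    ip_prefix: str
    os: str
    time_zone: str
    browser: str


def similarity(known: Fingerprint, seen: Fingerprint) -> int:
    """Score 0-100: sum of weights for attributes that match exactly."""
    return sum(w for name, w in WEIGHTS.items()
               if getattr(known, name) == getattr(seen, name))


def login_decision(user, seen, enrolled, flagged):
    """Return "allow" or "step_up" (require a second factor)."""
    # A profile bought on a market replays the victim's fingerprint and
    # cookies, so a perfect match proves nothing for a flagged identity.
    if user in flagged:
        return "step_up"
    known = enrolled.get(user)
    if known is None:  # nothing to compare against yet
        return "step_up"
    return "allow" if similarity(known, seen) >= ALLOW_THRESHOLD else "step_up"


# Constructed sample data (documentation IP range, made-up users).
HOME = Fingerprint("203.0.113", "Windows 10", "Europe/Berlin", "Chrome")
ENROLLED = {"alice": HOME, "bob": HOME}
FLAGGED = {"bob"}  # e.g. reported by a market-monitoring feed

if __name__ == "__main__":
    travelling = Fingerprint("198.51.100", "Windows 10", "Europe/Berlin", "Chrome")
    new_device = Fingerprint("198.51.100", "macOS", "Europe/Berlin", "Safari")
    for user, fp in [("alice", HOME), ("alice", travelling),
                     ("alice", new_device), ("bob", HOME)]:
        print(user, similarity(ENROLLED[user], fp),
              login_decision(user, fp, ENROLLED, FLAGGED))
```

The last case is the one the article warns about: the flagged account presents a fingerprint identical to the enrolled one and is still sent to a second factor.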