NEW YORK, Aug. 21, 2019 /PRNewswire/ -- IntSights, the threat intelligence company focused on enabling enterprises to Defend Forward™, announced today the release of the company's latest report Digital Browser Identities: The Hottest New Black Market Good, which provides an overview of top dark web marketplace Richlogs and the digital identities market comprised of stolen "digital fingerprints" of a user's web browsing device (i.e., IP address, OS information, time zone, user behavior).
The appearance of the Genesis market in November 2018 drew attention to a new type of underground "good" – digital identities. Today, Richlogs, an emerging competitor to Genesis, has joined the ranks in terms of top dark marketplaces collecting and selling stolen "digital fingerprints", which encompasses the full fingerprinting of a user's web browser and computer characteristics, allowing an attacker to almost flawlessly impersonate the victim. Acquiring these tools empowers the buyer of the digital identity to access websites as another user and circumvent advanced identity protection services, including access to mail accounts, social media profiles, banks and credit card accounts (including PayPal), retail and eCommerce sites, music services, travel apps, government services, and even internal login pages for the victim's company.
"The level of intrusion into a victim's life that digital identities provide is alarming. It's not just credit cards, bank accounts, or PII at stake. Digital identities offer threat actors the ability to almost completely take over someone's online browsing identity. This includes everything from accessing expenses, to tracking daily travel routes, to seeing tax information. The bigger the victim's digital footprint, the more they can be impersonated by a threat actor," said Ariel Ainhoren, Head of Research, IntSights. "Digital identities, as they are sold on Richlogs and Genesis, offer the whole digital fingerprint of an individual on a plate, providing endless opportunities for fraud, scams, theft, and access to the victim's personal life."
Tips to Protect Your Organization from Digital Identity Fraud
- Continuously Monitor Digital Identity Markets: Visibility and awareness are key to proactive protection. Monitoring these markets can help you identify compromised identities early (for example, to one of your internal login pages), so that you can more diligently monitor traffic to that page and/or increase verification methods when users log in.
- Enable Two-Factor Authentication: Asking for a second (or even third) variable for verifying users makes it increasingly difficult for threat actors to hack accounts. This might include mobile verification or providing answers to additional security questions that only the customer or employee will know.
- Regularly Update Fingerprinting Protocols: If your company uses digital fingerprinting to verify customers or users, make sure you regularly update these protocols and add additional points of authentication in order to keep up with the stealer's version upgrades.
- Consistently Clear Cookies and Browsing History: Clearing your cookies and browsing history limits the extent of your "digital history" and therefore won't put additional websites and/or profiles at risk if your device becomes infected.
- Change Passwords Regularly: This is always a cybersecurity best practice, and it certainly applies here as well. Changing passwords and avoiding password reuse both help significantly reduce your risk of compromise.
To read the full Digital Browser Identities: The Hottest New Black Market Good report, please visit: https://intsights.com/resources/research-report-digital-browser-identities
IntSights is revolutionizing cybersecurity operations with the industry's only all-in-one external threat protection platform designed to neutralize cyberattacks outside the wire. Our unique cyber reconnaissance capabilities enable continuous monitoring of an enterprise's external digital profile across the clear, deep, and dark web to identify emerging threats and orchestrate proactive response. Tailored threat intelligence that seamlessly integrates with security infrastructure for dynamic defense has made IntSights one of the fastest-growing cybersecurity companies in the world. IntSights has offices in Amsterdam, Boston, Dallas, New York, Singapore, Tel Aviv, and Tokyo. To learn more, visit: https://www.intsights.com.