8 Nov 2019
Whether you know it or not, you’ve left your impact on the Web. Every day, computers are becoming more and more skilled at detecting the difference between legitimate and illegitimate users, and it all relies on a digital fingerprint—a form of data that organizations use to identify fraudulent behavior. But as these systems evolve, so too do the hackers attempting to infiltrate them. Now, two cybercrime marketplaces known as “Genesis” and “Richlogs” are selling digital fingerprints to help cybercriminals impersonate real customers of sites like eBay, Amazon, Netflix, and even online banks. This trend is only the latest evolution of “carding,” which refers to illegal usage of credit and debit card data. Security experts believe that this sort of fraud is destined to rise, specifically to meet the increasingly sophisticated defenses that block stolen payment card data or other complex fraud techniques.
Meeting of the Methods

Credit and debit card data has been stolen and illegally exchanged for more than two decades, but now, in order to combat the rampant amounts of theft, organizations “digitally fingerprint” users and devices to verify them as real and legitimate. These “fingerprints” are made up of more than 100 data points that include a user’s IP address, geolocation, operating system, time zone, and battery information. They can even record how an individual interacts with their smartphone’s keyboard. Using all of this information, organizations can single out unusual behavior, like a so-called Android user in California suddenly logging in from Lithuania on an iPhone. Anti-fraud controls will then check this “fingerprint” against a database of fraudster device patterns, and if they find a match, they block the device.

Now, cybercriminals have started to steal and distribute digital fingerprints to fool these systems. They can even purchase tools that help them replay fingerprint data to emulate the patterns of a “legitimate” customer. The race to push back against this phenomenon is on, and while it’s up to site developers to increase the sophistication of their systems, individuals can still make a difference. To defend against attacks that use digital fingerprints, users should use unique passwords for every site, enable two-factor authentication whenever possible, and make sure to regularly clear cookies and browsing history.
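The two checks described above (a login compared with the account's usual device, then with a list of known fraudster device patterns) can be sketched as follows. This is an added example, not code from any anti-fraud product; the field names, the decision labels and all sample values are assumptions constructed for illustration.

```python
import hashlib

# Attributes compared against the account's usual device. Field names are
# assumptions for this example, not any vendor's schema.
TRACKED_FIELDS = ("os", "device_model", "time_zone", "region")


def fingerprint_digest(fp):
    """Canonical SHA-256 of the tracked attributes, for blocklist lookups."""
    canon = "|".join(f"{k}={fp.get(k, '')}" for k in TRACKED_FIELDS)
    return hashlib.sha256(canon.encode("utf-8")).hexdigest()


def assess_login(fp, baseline, fraud_digests):
    """Return (decision, reasons); decision is 'block', 'challenge' or 'allow'."""
    # A device pattern already on the fraud list is blocked outright.
    if fingerprint_digest(fp) in fraud_digests:
        return "block", ["matches a known fraudster device pattern"]
    # Otherwise list every attribute that differs from the usual device.
    reasons = [
        f"{k}: {baseline.get(k)!r} -> {fp.get(k)!r}"
        for k in TRACKED_FIELDS
        if fp.get(k) != baseline.get(k)
    ]
    # Any deviation triggers step-up verification (for example a second
    # factor) rather than a silent allow.
    return ("challenge" if reasons else "allow"), reasons


# Constructed sample data.
BASELINE = {"os": "Android", "device_model": "Pixel 3",
            "time_zone": "America/Los_Angeles", "region": "US-CA"}
ODD_LOGIN = {"os": "iOS", "device_model": "iPhone 11",
             "time_zone": "Europe/Vilnius", "region": "LT"}
BAD_DEVICE = {"os": "Windows", "device_model": "VM",
              "time_zone": "UTC", "region": "ZZ"}
FRAUD_DIGESTS = {fingerprint_digest(BAD_DEVICE)}

if __name__ == "__main__":
    for name, fp in [("usual", BASELINE), ("odd", ODD_LOGIN), ("listed", BAD_DEVICE)]:
        print(name, assess_login(fp, BASELINE, FRAUD_DIGESTS))
```

A login that presents every baseline attribute unchanged returns `allow`, which is why attribute matching alone does not stop a replayed fingerprint and a second factor still matters.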
Cover Your Tracks

When it comes to more advanced methods of cybercrime, it’s crucial for organizations to look at the bigger picture. Users can help decrease the probability of attacks by being individually mindful, but without maintaining strong defenses, your organization may still be leaving itself open and vulnerable to catastrophe. With our Red Team Assessment, you can stay up to date on how to defend against the latest and most complex threats. Our proven process makes use of multiple key attack vectors, including:
- Assessment of real-world threat vectors
- Circumvent security systems and controls
- Compromise perimeter/internal systems
- Establish persistent internal connections
- Gain network user account access
- Gain elevated privilege (admin) access
- Identify key systems and databases
- Establish backdoor access to key systems
- Capture sensitive data for validation