By compromising a single supplier, spies or saboteurs can hijack its distribution systems to turn any application they sell, any software update they push out, even the physical equipment they ship to customers, into Trojan horses. That insidious and increasingly common form of hacking is known as a "supply chain attack," a technique in which an adversary slips malicious code or even a malicious component into a trusted piece of software or hardware. But increasingly, sophisticated hackers are undermining that basic sense of trust and raising a paranoia-inducing question: what if the legitimate hardware and software that makes up your network has been compromised at the source? Cybersecurity truisms have long been described in simple terms of trust: Beware email attachments from unfamiliar sources and don't hand over credentials to a fraudulent website.

"These people are professionals; these aren't pickpockets," Gracey-McMinn said of the Genesis administrators. Now with the EA hack, it appears high profile organizations are being targeted with compromised cookies too. Woods said they've observed dozens of attacks related to Genesis, but cautioned that attacks where hackers simply use the exposed login credentials themselves rather than the plugin will be harder to detect. Specifically, Woods said F5 has reverse-engineered the Genesis plugin so it can observe when attackers use it against their customers. "We think that is tied to a particular group," Woods told Motherboard. Both researchers said they believe information from Genesis is being used in real-world attacks. One reason is that out of the hundreds of thousands of bots on the market, some of the bot names, a series of alphanumeric characters, have a constant substring in them.
Woods believes that the creators of Genesis originally populated the marketplace with items collected with their own malware, and then allowed others to sell products too. Gracey-McMinn said they think Genesis is a single seller marketplace, with only one group of people selling information gleaned from malware. "If I've bought early, I've essentially got a great bargain. I could get something that would eventually be worth hundreds of dollars for 70 cents," Gracey-McMinn said. One bot for sale had 5,000 cookies linked to it across multiple web browsers, and included sites as diverse as Facebook, Spotify, Reddit, Pinterest, Apple, Netflix, Binance, GitHub, Steam, Instagram, Adobe, Amazon, Google, Tumblr, Twitter, Dropbox, PayPal, LinkedIn, NvidiaStore, EANetwork, and Slack. When selecting a bot to purchase, Genesis shows a user what particular sites are included, according to screenshots and videos shared by Gracey-McMinn and Dan Woods from cybersecurity firm F5, which has also tracked Genesis. "We're on these computers, we can see everything happening on them. Why don't we exfiltrate that data as it comes in: login credentials, browser fingerprints, the whole works," Gracey-McMinn said. Whereas bots are often used for re-routing a hacker's traffic to make it harder for law enforcement to identify their location, or carry out distributed denial of service attacks, Genesis has presented an opportunity to diversify a botnet owner's income stream, Gracey-McMinn said. Image: shared by Gracey-McMinn, redactions by Motherboard. But more importantly, Genesis also lets customers essentially recreate a one-to-one replica of that victim's browser, with their cookies and device fingerprints intact. A screenshot of a bot containing Slack credentials. On Genesis, criminals don't just buy one cookie; they buy exclusive access to a "bot," a compromised computer that is part of a botnet which could contain any number of login details.
Sometimes they can be used by advertising firms to track browsing activity from site to site; other times they're used for storing login details and keeping you logged into different websites. But its alleged link to a high profile breach demonstrates its increasing relevance in the digital underground. Cookies are small files stored on your computer that can hold all sorts of information. A handful of cybersecurity companies and trade publications have covered the site in the past few years. "Can filter for sale by URL," the representative of the EA hackers said in an online chat, specifying that criminals can search for domains such as Slack or Okta, a popular cybersecurity and sign-in service designed to make access to company assets more secure.