
Digital doppelgangers for sale to defeat anti-fraud tech

Security researchers have uncovered an online market selling digital identities to help cyber criminals defeat anti-fraud technologies, as financial cyber crime becomes a bigger threat than ever before

Tens of thousands of digital doppelgangers to bypass financial anti-fraud systems are being traded online, according to researchers at security firm Kaspersky Lab.

A study by Juniper Research estimates that losses from online payment fraud will reach $43bn by 2023, up from $22bn in 2018, making anti-fraud and cyber security measures a top concern for the industry, the researchers note in a blog post.

“And this is not surprising – every day cyber criminals develop new methods and tools to bypass anti-fraud protection systems, they develop malware to help them in their activities, create services and stores, discuss ways to defeat protection mechanisms on dark net forums and channels,” they said, warning that financial cyber crime schemes have evolved and become more dangerous than ever.

An investigation into a dark web marketplace called Genesis uncovered more than 60,000 stolen and legitimate digital identities, making successful credit card fraud that much easier to conduct.

The marketplace is aimed at enabling abuse of the machine learning-based anti-fraud approach of “digital masks”, or trusted customer profiles based on known device and behaviour characteristics.

This technology matches anyone entering their financial, payment and personal information in an online transaction against digital masks.

These masks are unique to each user and combine the fingerprints of devices and browsers commonly used to make payments or bank online with advanced analytics and machine learning that analyses things like an individual user’s cookies and behaviour.

This approach is designed to enable financial organisations’ anti-fraud teams to determine whether it is a legitimate user entering their credentials or a cyber criminal trying to buy goods using a stolen card.

However, the Kaspersky Lab researchers warn that the digital mask can be copied or created from scratch. They found that cyber criminals are actively using such digital doppelgangers to bypass advanced anti-fraud measures.

Stolen digital masks and user accounts were available for purchase on the Genesis market from as little as $5 up to $200.

Customers of such dark web marketplaces simply buy previously stolen digital masks together with stolen logins and passwords to online shops and payment services, and then launch them through a browser and proxy connection to mimic real user activity, the researchers said.

If the attacker has the legitimate user’s account credentials, they can then access the user’s online accounts or make new, trusted transactions in their name.

“We see a clear trend of carding fraud increasing around the world,” said Sergey Lozhkin, security researcher at Kaspersky Lab. “While the industry invests heavily in anti-fraud measures, digital doppelgangers are hard to catch.”

Shutting down fraudsters’ infrastructure

An alternative way to prevent the spread of this malicious activity, said Lozhkin, is to shut down the fraudsters’ infrastructure. “That is why we urge law enforcement agencies across the world to pay extra attention to this issue and join the fight.”

The researchers have also found other tools that enable attackers to create their own unique digital masks from scratch that will not trigger anti-fraud systems. One such tool is the Tenebris Linken Sphere browser, with an embedded configuration generator to develop unique fingerprints.

Once the mask is created, the researchers said, the carder can simply launch it through a browser and proxy connection and conduct any operations online.

To defend against such attacks, Kaspersky Lab recommends businesses implement:

  • Multifactor authentication at every stage of user validation processes
  • Additional verification such as biometrics
  • Advanced analytics for user behaviour

The researchers also recommend integrating threat intelligence feeds into security information and event management systems and other security controls to get access to the most relevant and up-to-date threat data to prepare for possible future attacks. 
