Kaspersky Lab says cybercriminals use digital doppelgangers to bypass anti-fraud measures

While emerging technologies are built to make life easier, these can also be used for criminal activities as evidenced by the creation of digital doppelgangers. Cybersecurity solutions firm Kaspersky Lab said in the results of its investigation that an e-shop is trading over 60,000 stolen and legitimate digital identities or doppelgangers that are used for credit fraud and in a much easier way.

According to Kaspersky Lab, this marketplace, as well as other malicious tools, involves abusing the machine-learning based anti-fraud approach of “digital masks” — unique, trusted customer profiles based on known device and behavior characteristics.

Whenever consumer key in any personal and financial details in a website, advanced, analytics, machine learning anti-fraud solutions match these pieces of information against something called a digital mask, which is unique to each user. It combines the fingerprints of devices and browsers commonly used to make payments or do online bank transactions with advanced analytics and machine learning.

That way, the financial organizations’ anti-fraud teams can determine whether it is truly us entering user credentials, or a malicious carder trying to buy goods using a stolen card, and either approve or deny the transaction or send it on for further analysis.

However, a digital mask can be copied or created from scratch and Kaspersky Lab’s investigation has found that cybercriminals are actively using such digital doppelgangers to bypass advanced anti-fraud measures.

In February 2019, Kaspersky Lab’s research uncovered the Genesis Darknet marketplace, an online shop selling stolen digital masks and user accounts at prices ranging from $5 to $200 each. Its customers simply buy previously stolen digital masks together with stolen logins and passwords to online shops and payment services and then launch them through a browser and proxy connection to mimic real user activity. If they have the legitimate user’s account credentials, the attacker can then access their online accounts or make new, trusted transactions in their name.

“We see a clear trend of carding fraud increasing around the world,” said Sergey Lozhkin, security researcher, Kaspersky Lab. “While the industry invests heavily in anti-fraud measures, digital doppelgangers are hard to catch. An alternative way to prevent the spread of this malicious activity is to shut down the fraudsters’ infrastructure. That is why we urge law enforcement agencies across the world to pay extra attention to this issue and join the fight.”

Other tools enable attackers to create from scratch their own unique digital masks that won’t trigger anti-fraud solutions. Kaspersky Lab researchers have investigated one such tool, a special Tenebris browser with an embedded configuration generator to develop unique fingerprints. Once created, the carder can simply launch the mask through a browser and proxy connection and conduct any operations online.

Kaspersky Lab advises businesses to immediately enable multi-factor authentication at every stage of user validation processes, consider introducing new methods of additional verification, such as biometrics, harness the most advanced analytics for user behavior, and integrate Threat Intelligence feeds into SIEM and other security controls in order to get access to the most relevant and up-to-date threat data and to prepare for possible future attacks.